» 2020 » 3월

CVE-2019-16063

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2019-16063

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data.

Source: CVE-2019-16063

CVE-2020-7006

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2020-7006

Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution.

Source: CVE-2020-7006

CVE-2020-10671

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2020-10671

The Canon Oce Colorwave 500 4.0.0.0 printer’s web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.

Source: CVE-2020-10671

CVE-2019-15124

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2019-15124

In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33.

Source: CVE-2019-15124

CVE-2020-10670

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2020-10670

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version.

Source: CVE-2020-10670

CVE-2019-15539

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2019-15539

The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document’s page.

Source: CVE-2019-15539

CVE-2020-10667

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2020-10667

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.

Source: CVE-2020-10667

CVE-2020-10668

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2020-10668

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.

Source: CVE-2020-10668

CVE-2020-5267

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2020-5267

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView’s JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

Source: CVE-2020-5267

CVE-2019-20526

Posted on 2020년 3월 20일2020년 3월 20일 by admin

CVE-2019-20526

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.

Source: CVE-2019-20526