Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter.
BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download.
BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy.
A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user’s stored addresses by manipulating an id field in the POST request for altering an address.
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection.
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).
BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting ‘Isolated institutions’ is turned on.
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.