CVE-2020-9445
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
Source: CVE-2020-9445
CVE-2019-10148
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-12779. Reason: This candidate is a reservation duplicate of CVE-2019-12779. Notes: All CVE users should reference CVE-2019-12779 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Source: CVE-2019-10148
CVE-2020-3946
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).
Source: CVE-2020-3946
CVE-2020-1803
Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. The device does not sufficiently validate the identity of a smart wearable device in certain specific scenarios. The attacker needs to gain certain information in the victim’s smartphone to launch the attack; a successful exploit could cause information disclosure.
Source: CVE-2020-1803
CVE-2020-11753
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).
Source: CVE-2020-11753
CVE-2020-5286
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file.
The problem is fixed in 1.7.6.5.
Source: CVE-2020-5286
CVE-2020-5288
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product attributes page.
The problem is fixed in 1.7.6.5.
Source: CVE-2020-5288
CVE-2020-5285
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5.
Source: CVE-2020-5285
CVE-2020-5293
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.
Source: CVE-2020-5293
CVE-2020-5287
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search.
The problem is fixed in 1.7.6.5.
Source: CVE-2020-5287