CVE-2020-4101
"HCL Digital Experience is susceptible to Server Side Request Forgery."
Source: CVE-2020-4101
[월:] 2020년 06월
CVE-2020-4380
CVE-2020-4380
IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179160.
Source: CVE-2020-4380
CVE-2020-5592
CVE-2020-5592
Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors.
Source: CVE-2020-5592
CVE-2020-5593
CVE-2020-5593
Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.
Source: CVE-2020-5593
CVE-2020-13855
CVE-2020-13855
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
Source: CVE-2020-13855
CVE-2020-13853
CVE-2020-13853
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
Source: CVE-2020-13853
CVE-2020-13851
CVE-2020-13851
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
Source: CVE-2020-13851
CVE-2020-13854
CVE-2020-13852
CVE-2020-13852
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
Source: CVE-2020-13852
CVE-2020-13850
CVE-2020-13850
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
Source: CVE-2020-13850