CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
Source: CVE-2020-13262
[월:] 2020년 06월
CVE-2020-14930
CVE-2020-14930
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.
Source: CVE-2020-14930
CVE-2019-20891
CVE-2019-20891
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
Source: CVE-2019-20891
CVE-2017-18920
CVE-2017-18920
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
Source: CVE-2017-18920
CVE-2017-18919
CVE-2017-18919
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.
Source: CVE-2017-18919
CVE-2017-18905
CVE-2017-18905
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
Source: CVE-2017-18905
CVE-2017-18917
CVE-2017-18917
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
Source: CVE-2017-18917
CVE-2016-11084
CVE-2016-11084
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
Source: CVE-2016-11084
CVE-2017-18918
CVE-2017-18918
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
Source: CVE-2017-18918
CVE-2020-10750
CVE-2020-10750
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container’s log file to discover the Kafka credentials.
Source: CVE-2020-10750