CVE-2020-15718

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.

Source: CVE-2020-15718

CVE-2020-11438

LibreHealth EMR v2.0.0 is affected by systemic CSRF.

Source: CVE-2020-11438

CVE-2020-11437

LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.

Source: CVE-2020-11437

CVE-2020-11436

LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.

Source: CVE-2020-11436

CVE-2020-11439

LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.

Source: CVE-2020-11439

CVE-2020-10284

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.

Source: CVE-2020-10284

CVE-2020-15716

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.

Source: CVE-2020-15716

CVE-2020-15717

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.

Source: CVE-2020-15717

CVE-2019-19326

SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.

Source: CVE-2019-19326

CVE-2020-2984

Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configuration Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configuration Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Configuration Manager accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).

Source: CVE-2020-2984