CVE-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token
Source: CVE-2020-13284
[월:] 2020년 09월
CVE-2020-0570
CVE-2020-0570
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
Source: CVE-2020-0570
CVE-2020-13289
CVE-2020-13289
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated.
Source: CVE-2020-13289
CVE-2020-21845
CVE-2020-21845
Codoforum 4.8.3 allows HTML Injection in the ‘admin dashboard Manage users Section.’
Source: CVE-2020-21845
CVE-2019-0233
CVE-2019-0233
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
Source: CVE-2019-0233
CVE-2019-0230
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Source: CVE-2019-0230
CVE-2020-25378
CVE-2020-25378
WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
Source: CVE-2020-25378
CVE-2020-22158
CVE-2020-22158
Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code.
Source: CVE-2020-22158
CVE-2020-25375
CVE-2020-25375
WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field.
Source: CVE-2020-25375
CVE-2020-25380
CVE-2020-25380
WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the ‘Recall Settings’ field in admin.php. An attacker can inject JavaScript code that will be stored and executed.
Source: CVE-2020-25380