|
211921
|
6.1 |
MEDIUM
Network
|
hcltech
|
notes
|
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to exec…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14240
|
2024-11-21 14:02 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211922
|
6.1 |
MEDIUM
Network
|
hcltech
|
hcl_digital_experience
|
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a cr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14222
|
2024-11-21 14:02 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211923
|
5.3 |
MEDIUM
Network
|
apache
|
kylin
|
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-13937
|
2024-11-21 14:02 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211924
|
5.4 |
MEDIUM
Network
|
sage
|
easypay
|
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Trans…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13893
|
2024-11-21 14:02 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211925
|
6.5 |
MEDIUM
Network
|
redhat
|
single_sign-on
openshift_application_runtimes
jboss_enterprise_application_platform
|
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. T…
|
CWE-287
Improper Authentication
|
CVE-2020-14299
|
2024-11-21 14:02 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211926
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
|
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before …
|
CWE-862
Missing Authorization
|
CVE-2020-14185
|
2024-11-21 14:02 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211927
|
7.2 |
HIGH
Network
|
gitea
|
gitea
|
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that…
|
CWE-78
OS Command
|
CVE-2020-14144
|
2024-11-21 14:02 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211928
|
9.8 |
CRITICAL
Network
|
apache
|
solr
|
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that…
|
CWE-863
Incorrect Authorization
|
CVE-2020-13957
|
2024-11-21 14:02 |
2020-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211929
|
4.3 |
MEDIUM
Network
|
apache
debian
oracle
|
tomcat
debian_linux
instantis_enterprisetrack
sd-wan_edge
|
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation o…
|
NVD-CWE-noinfo
|
CVE-2020-13943
|
2024-11-21 14:02 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211930
|
5.4 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
|
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14184
|
2024-11-21 14:02 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
