|
209951
|
4.8 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26083
|
2024-11-21 14:19 |
2020-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209952
|
9.8 |
CRITICAL
Network
|
alerta_project
|
alerta
|
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deplo…
|
-
|
CVE-2020-26214
|
2024-11-21 14:19 |
2020-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209953
|
7.5 |
HIGH
Network
|
linuxfoundation
fedoraproject
|
nats-server
fedora
|
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-26521
|
2024-11-21 14:19 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209954
|
7.8 |
HIGH
Local
|
marmind
|
marmind
|
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing fo…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-26507
|
2024-11-21 14:19 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209955
|
6.1 |
MEDIUM
Network
|
marmind
|
marmind
|
A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they o…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26505
|
2024-11-21 14:19 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209956
|
4.3 |
MEDIUM
Network
|
marmind
|
marmind
|
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed …
|
CWE-670
CWE-863
Always-Incorrect Control Flow Implementation
Incorrect Authorization
|
CVE-2020-26506
|
2024-11-21 14:19 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209957
|
8.0 |
HIGH
Network
|
databaseschemareader_project
|
dbschemareader
|
DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a …
|
-
|
CVE-2020-26207
|
2024-11-21 14:19 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209958
|
9.8 |
CRITICAL
Network
|
thedaylightstudio
|
fuel_cms
|
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
|
NVD-CWE-noinfo
|
CVE-2020-26167
|
2024-11-21 14:19 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209959
|
8.7 |
HIGH
Network
|
bookstackapp
|
bookstack
|
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context…
|
-
|
CVE-2020-26211
|
2024-11-21 14:19 |
2020-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209960
|
8.7 |
HIGH
Network
|
bookstackapp
|
bookstack
|
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous con…
|
-
|
CVE-2020-26210
|
2024-11-21 14:19 |
2020-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
