| 211141 | 5.4 | MEDIUM | Network | zammad | zammad | An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute w… | CWE-79 Cross-site Scripting | CVE-2020-10103 | 2024-11-21 13:54 | 2020-03-5 |
| 211142 | 7.5 | HIGH | Network | zammad | zammad | An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors… | CWE-20 Improper Input Validation; CWE-755 Improper Handling of Exceptional Conditions | CVE-2020-10101 | 2024-11-21 13:54 | 2020-03-5 |
| 211143 | 5.4 | MEDIUM | Network | zammad | zammad | An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within… | CWE-79 Cross-site Scripting | CVE-2020-10099 | 2024-11-21 13:54 | 2020-03-5 |
| 211144 | 5.4 | MEDIUM | Network | zammad | zammad | An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browse… | CWE-79 Cross-site Scripting | CVE-2020-10098 | 2024-11-21 13:54 | 2020-03-5 |
| 211145 | 5.3 | MEDIUM | Network | zammad | zammad | An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in… | CWE-209 Information Exposure Through an Error Message | CVE-2020-10097 | 2024-11-21 13:54 | 2020-03-5 |
| 211146 | 7.5 | HIGH | Network | zammad | zammad | An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a … | CWE-200 Information Exposure | CVE-2020-10096 | 2024-11-21 13:54 | 2020-03-5 |
| 211147 | 8.8 | HIGH | Network | metalgenix | genixcms | GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection… | CWE-352 Origin Validation Error | CVE-2020-10057 | 2024-11-21 13:54 | 2020-03-5 |
| 211148 | 5.3 | MEDIUM | Network | zammad | zammad | An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In the current implementat… | CWE-203 Information Exposure Through Discrepancy | CVE-2020-10102 | 2024-11-21 13:54 | 2020-03-5 |
| 211149 | 6.5 | MEDIUM | Network | zammad | zammad | An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access … | NVD-CWE-noinfo | CVE-2020-10100 | 2024-11-21 13:54 | 2020-03-5 |
| 211150 | 5.5 | MEDIUM | Local | gnu, fedoraproject, canonical, opensuse, netapp, debian | glibc, fedora, ubuntu_linux, leap, cloud_backup, steelstore_cloud_integrated_storage, solidfire, hci_management_node, active_iq_unified_manager, h410c_firmware, debian_linux | The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen … | CWE-787 Out-of-bounds Write | CVE-2020-10029 | 2024-11-21 13:54 | 2020-03-5 |