|
197571
|
5.4 |
MEDIUM
Network
|
exceedone
|
exment
|
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5620
|
2024-11-21 14:34 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197572
|
5.4 |
MEDIUM
Network
|
exceedone
|
exment
|
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5619
|
2024-11-21 14:34 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197573
|
6.1 |
MEDIUM
Network
|
cybersolutions
|
cybermail
|
Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL.
|
CWE-601
Open Redirect
|
CVE-2020-5541
|
2024-11-21 14:34 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197574
|
6.1 |
MEDIUM
Network
|
cybersolutions
|
cybermail
|
Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5540
|
2024-11-21 14:34 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197575
|
8.8 |
HIGH
Network
|
cloudfoundry
|
cf-deployment
capi-release
|
Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vu…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-5417
|
2024-11-21 14:34 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197576
|
6.5 |
MEDIUM
Network
|
cloudfoundry
|
cf-deployment
routing-release
|
Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in …
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2020-5416
|
2024-11-21 14:34 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197577
|
5.8 |
MEDIUM
Network
|
instructure
|
canvas_learning_management_service
|
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-5775
|
2024-11-21 14:34 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197578
|
7.1 |
HIGH
Local
|
tenable
|
nessus
|
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-5774
|
2024-11-21 14:34 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197579
|
7.8 |
HIGH
Local
|
dell
|
endpoint_security_suite_enterprise
encryption
|
Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local mali…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-5385
|
2024-11-21 14:34 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197580
|
10.0 |
CRITICAL
Network
|
pivotal_software
|
concourse
|
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name a…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-5415
|
2024-11-21 14:34 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
