|
210701
|
7.5 |
HIGH
Network
|
hcltech
|
domino
|
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a special…
|
CWE-20
Improper Input Validation
|
CVE-2020-14230
|
2024-11-21 14:02 |
2020-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210702
|
5.4 |
MEDIUM
Network
|
salesagility
|
suitecrm
|
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script …
|
CWE-79
Cross-site Scripting
|
CVE-2020-14208
|
2024-11-21 14:02 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210703
|
7.8 |
HIGH
Local
|
apache
|
openoffice
|
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can b…
|
NVD-CWE-noinfo
|
CVE-2020-13958
|
2024-11-21 14:02 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210704
|
9.8 |
CRITICAL
Network
|
resourcexpress
|
meeting_monitor
|
SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.
|
CWE-89
SQL Injection
|
CVE-2020-13877
|
2024-11-21 14:02 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210705
|
6.1 |
MEDIUM
Network
|
apache
netapp
oracle
|
cxf
snap_creator_framework
vasa_provider_for_clustered_data_ontap
retail_order_broker_cloud_service
business_intelligence
communications_messaging_server
|
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13954
|
2024-11-21 14:02 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210706
|
9.8 |
CRITICAL
Network
|
atlassian
|
jira_comment
|
The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially …
|
NVD-CWE-noinfo
|
CVE-2020-14189
|
2024-11-21 14:02 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210707
|
9.8 |
CRITICAL
Network
|
atlassian
|
jira_create
|
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a special…
|
NVD-CWE-noinfo
|
CVE-2020-14188
|
2024-11-21 14:02 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210708
|
6.1 |
MEDIUM
Network
|
hcltech
|
notes
|
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to exec…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14240
|
2024-11-21 14:02 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210709
|
6.1 |
MEDIUM
Network
|
hcltech
|
hcl_digital_experience
|
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a cr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14222
|
2024-11-21 14:02 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210710
|
5.3 |
MEDIUM
Network
|
apache
|
kylin
|
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-13937
|
2024-11-21 14:02 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
