|
218231
|
5.4 |
MEDIUM
Network
|
atlassian
|
confluence_server confluence_data_center
|
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters.…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14175
|
2024-11-21 14:02 |
2020-07-24 |
|
218232
|
6.1 |
MEDIUM
Network
|
tc_custom_javascript_project
|
tc_custom_javascript
|
A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-con…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14063
|
2024-11-21 14:02 |
2020-07-22 |
|
218233
|
6.1 |
MEDIUM
Network
|
apache
|
activemq_artemis
|
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into …
|
CWE-79
Cross-site Scripting
|
CVE-2020-13932
|
2024-11-21 14:02 |
2020-07-21 |
|
218234
|
5.3 |
MEDIUM
Network
|
golang opensuse
|
go leap
|
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Window…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-14039
|
2024-11-21 14:02 |
2020-07-18 |
|
218235
|
9.8 |
CRITICAL
Network
|
kramdown_project debian fedoraproject canonical
|
kramdown debian_linux fedora ubuntu_linux
|
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded …
|
CWE-862
Missing Authorization
|
CVE-2020-14001
|
2024-11-21 14:02 |
2020-07-18 |
|
218236
|
9.8 |
CRITICAL
Network
|
mit
|
scratch-vm
|
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code executio…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14000
|
2024-11-21 14:02 |
2020-07-17 |
|
218237
|
8.8 |
HIGH
Network
|
icewarp
|
mail_server
|
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14066
|
2024-11-21 14:02 |
2020-07-16 |
|
218238
|
6.5 |
MEDIUM
Network
|
icewarp
|
mail_server
|
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14065
|
2024-11-21 14:02 |
2020-07-16 |
|
218239
|
6.5 |
MEDIUM
Network
|
icewarp
|
mail_server
|
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-14064
|
2024-11-21 14:02 |
2020-07-16 |
|
218240
|
5.3 |
MEDIUM
Network
|
apache
|
ofbiz
|
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-13923
|
2024-11-21 14:02 |
2020-07-16 |