|
200201
|
9.6 |
CRITICAL
Network
|
acquia
|
mautic
|
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35125
|
2024-11-21 14:26 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200202
|
7.8 |
HIGH
Local
|
cloudflare
|
warp
|
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-35152
|
2024-11-21 14:26 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200203
|
7.8 |
HIGH
Local
|
acronis
|
true_image
|
Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-35145
|
2024-11-21 14:26 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200204
|
9.6 |
CRITICAL
Network
|
acquia
|
mautic
|
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35124
|
2024-11-21 14:26 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200205
|
9.0 |
CRITICAL
Network
|
acquia
|
mautic
|
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an …
|
CWE-79
Cross-site Scripting
|
CVE-2020-35128
|
2024-11-21 14:26 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200206
|
9.0 |
CRITICAL
Network
|
mautic
|
mautic
|
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35129
|
2024-11-21 14:26 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200207
|
6.1 |
MEDIUM
Network
|
quest
|
policy_authority_for_unified_communications
|
Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35206
|
2024-11-21 14:26 |
2021-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200208
|
9.8 |
CRITICAL
Network
|
quest
|
policy_authority_for_unified_communications
|
Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp fil…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-35205
|
2024-11-21 14:26 |
2021-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200209
|
6.1 |
MEDIUM
Network
|
quest
|
policy_authority_for_unified_communications
|
Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file …
|
CWE-79
Cross-site Scripting
|
CVE-2020-35204
|
2024-11-21 14:26 |
2021-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200210
|
6.1 |
MEDIUM
Network
|
quest
|
policy_authority_for_unified_communications
|
Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file vi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35203
|
2024-11-21 14:26 |
2021-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
