|
197011
|
5.4 |
MEDIUM
Network
|
tenable
|
tenable.sc
|
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation technique…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5737
|
2024-11-21 14:34 |
2020-04-18 |
|
197012
|
6.1 |
MEDIUM
Network
|
openmrs
|
openmrs
|
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of…
|
CWE-601
Open Redirect
|
CVE-2020-5733
|
2024-11-21 14:34 |
2020-04-18 |
|
197013
|
6.1 |
MEDIUM
Network
|
openmrs
|
openmrs
|
In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticate…
|
CWE-601
Open Redirect
|
CVE-2020-5732
|
2024-11-21 14:34 |
2020-04-18 |
|
197014
|
6.1 |
MEDIUM
Network
|
openmrs
|
openmrs
|
In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5731
|
2024-11-21 14:34 |
2020-04-18 |
|
197015
|
6.1 |
MEDIUM
Network
|
openmrs
|
openmrs
|
In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5730
|
2024-11-21 14:34 |
2020-04-18 |
|
197016
|
6.1 |
MEDIUM
Network
|
openmrs
|
openmrs
|
In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is su…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5729
|
2024-11-21 14:34 |
2020-04-18 |
|
197017
|
6.1 |
MEDIUM
Network
|
openmrs
|
openmrs
|
OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which all…
|
CWE-79 CWE-20
Cross-site Scripting Improper Input Validation
|
CVE-2020-5728
|
2024-11-21 14:34 |
2020-04-18 |
|
197018
|
5.5 |
MEDIUM
Local
|
mikrotik
|
winbox
|
MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-5721
|
2024-11-21 14:34 |
2020-04-16 |
|
197019
|
8.8 |
HIGH
Network
|
grandstream
|
gxp1610_firmware gxp1615_firmware gxp1620_firmware gxp1625_firmware gxp1628_firmware gxp1630_firmware
|
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additio…
|
CWE-94
Code Injection
|
CVE-2020-5739
|
2024-11-21 14:34 |
2020-04-14 |
|
197020
|
8.8 |
HIGH
Network
|
grandstream
|
gxp1610_firmware gxp1615_firmware gxp1620_firmware gxp1625_firmware gxp1628_firmware gxp1630_firmware
|
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpnta…
|
CWE-59
Link Following
|
CVE-2020-5738
|
2024-11-21 14:34 |
2020-04-14 |