|
211431
|
5.4 |
MEDIUM
Network
|
salesagility
|
suitecrm
|
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script …
|
CWE-79
Cross-site Scripting
|
CVE-2020-14208
|
2024-11-21 14:02 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211432
|
7.8 |
HIGH
Local
|
apache
|
openoffice
|
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can b…
|
NVD-CWE-noinfo
|
CVE-2020-13958
|
2024-11-21 14:02 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211433
|
9.8 |
CRITICAL
Network
|
resourcexpress
|
meeting_monitor
|
SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.
|
CWE-89
SQL Injection
|
CVE-2020-13877
|
2024-11-21 14:02 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211434
|
6.1 |
MEDIUM
Network
|
apache
netapp
oracle
|
cxf
snap_creator_framework
vasa_provider_for_clustered_data_ontap
retail_order_broker_cloud_service
business_intelligence
communications_messaging_server
|
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13954
|
2024-11-21 14:02 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211435
|
9.8 |
CRITICAL
Network
|
atlassian
|
jira_comment
|
The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially …
|
NVD-CWE-noinfo
|
CVE-2020-14189
|
2024-11-21 14:02 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211436
|
9.8 |
CRITICAL
Network
|
atlassian
|
jira_create
|
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a special…
|
NVD-CWE-noinfo
|
CVE-2020-14188
|
2024-11-21 14:02 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211437
|
6.1 |
MEDIUM
Network
|
hcltech
|
notes
|
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to exec…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14240
|
2024-11-21 14:02 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211438
|
6.1 |
MEDIUM
Network
|
hcltech
|
hcl_digital_experience
|
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a cr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14222
|
2024-11-21 14:02 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211439
|
5.3 |
MEDIUM
Network
|
apache
|
kylin
|
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-13937
|
2024-11-21 14:02 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211440
|
5.4 |
MEDIUM
Network
|
sage
|
easypay
|
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Trans…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13893
|
2024-11-21 14:02 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
