| 212641 | 6.1 MEDIUM, Network | fortinet | fortinac | An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin User… | CWE-79 Cross-site Scripting | CVE-2020-12816 | 2024-11-21 14:00 | 2020-09-25 |
| 212642 | 6.1 MEDIUM, Network | rad | secflow-1v_firmware | A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will rema… | CWE-79 Cross-site Scripting; CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-13260 | 2024-11-21 14:00 | 2020-09-18 |
| 212643 | 9.0 CRITICAL, Network | solarwinds | orion_platform | Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation … | CWE-79 Cross-site Scripting | CVE-2020-13169 | 2024-11-21 14:00 | 2020-09-18 |
| 212644 | 8.8 HIGH, Network | rad | secflow-1v_firmware | A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attac… | CWE-352 Origin Validation Error | CVE-2020-13259 | 2024-11-21 14:00 | 2020-09-17 |
| 212645 | 4.7 MEDIUM, Network | gitlab | gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user… | CWE-613 Insufficient Session Expiration | CVE-2020-13307 | 2024-11-21 14:00 | 2020-09-15 |
| 212646 | 6.5 MEDIUM, Network | gitlab | gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public … | CWE-287 Improper Authentication | CVE-2020-13303 | 2024-11-21 14:00 | 2020-09-15 |
| 212647 | 7.5 HIGH, Network | gitlab | gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation. | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2020-13306 | 2024-11-21 14:00 | 2020-09-15 |
| 212648 | 4.3 MEDIUM, Network | gitlab | gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. | CWE-613 Insufficient Session Expiration | CVE-2020-13305 | 2024-11-21 14:00 | 2020-09-15 |
| 212649 | 7.2 HIGH, Network | gitlab | gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same 2 factor authentication secret code was generated, which resulted in an attacker being able to maintain access under certain… | CWE-330 Use of Insufficiently Random Values | CVE-2020-13304 | 2024-11-21 14:00 | 2020-09-15 |
| 212650 | 7.2 HIGH, Network | gitlab | gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a u… | CWE-613 Insufficient Session Expiration | CVE-2020-13302 | 2024-11-21 14:00 | 2020-09-15 |