|
210491
|
8.8 |
HIGH
Network
|
iris
|
star
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be …
|
CWE-352
Origin Validation Error
|
CVE-2020-28403
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210492
|
8.8 |
HIGH
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.
|
NVD-CWE-noinfo
|
CVE-2020-28402
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210493
|
6.5 |
MEDIUM
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.
|
NVD-CWE-noinfo
|
CVE-2020-28401
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210494
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
ecostruxure_operator_terminal_expert
pro-face_blue
|
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution whe…
|
-
|
CVE-2020-28221
|
2024-11-21 14:22 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210495
|
6.8 |
MEDIUM
Network
|
visjs
|
vis-timeline
|
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28487
|
2024-11-21 14:22 |
2021-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210496
|
7.1 |
HIGH
Network
|
gin-gonic
|
gin
|
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-28483
|
2024-11-21 14:22 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210497
|
8.8 |
HIGH
Network
|
softwaremill
|
akka-http-session
|
This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-…
|
CWE-352
Origin Validation Error
|
CVE-2020-28452
|
2024-11-21 14:22 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210498
|
8.8 |
HIGH
Network
|
fastify
|
fastify-csrf
|
This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token …
|
CWE-200
CWE-732
Information Exposure
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-28482
|
2024-11-21 14:22 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210499
|
4.3 |
MEDIUM
Network
|
socket
|
socket.io
|
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
|
CWE-346
Origin Validation Error
|
CVE-2020-28481
|
2024-11-21 14:22 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210500
|
9.8 |
CRITICAL
Network
|
jointjs
|
jointjs
|
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the obje…
|
NVD-CWE-Other
|
CVE-2020-28480
|
2024-11-21 14:22 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
