SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.

Source

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

Source

Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.

Source

Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.

Source

An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.

Source

An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.

Source

An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.

Source

Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.

Source

Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack.

Source

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).

Source