CVE-2020-14208 (suitecrm)

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.

Source

/by

CVE-2020-28362 (go)

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

Source

/by

CVE-2020-28367 (go)

Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.

Source

/by

CVE-2020-28366 (go)

Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.

Source

/by

CVE-2020-26553 (controller)

An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.

Source

/by

CVE-2020-26550 (controller)

An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.

Source

/by

CVE-2020-26551 (controller)

An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.

Source

/by

CVE-2020-25832 (filr)

Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.

Source

/by

CVE-2020-25833 (idol)

Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack.

Source

/by

CVE-2020-25834 (arcsight_logger)

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).

Source

/by