Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28487 PUBLISHED: 2021-01-22
This affects the package vis-timeline before 7.4.4.
An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
CVE-2021-21260 PUBLISHED: 2021-01-22
Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini.
In OIS version 4.0 there is a stored XSS which can enable an attacker to take over the admin account through a payload that extracts a csrf ...
CVE-2021-21270 PUBLISHED: 2021-01-22
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext.
This vulnerability is patc...
CVE-2020-4766 PUBLISHED: 2021-01-22
IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.
CVE-2021-21259 PUBLISHED: 2021-01-22
HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode.
Depending on the configuration of the instance...