Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35128 PUBLISHED: 2021-01-19
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. ...
CVE-2020-35129 PUBLISHED: 2021-01-19
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on th...
CVE-2020-23342 PUBLISHED: 2021-01-19
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
CVE-2020-20950 PUBLISHED: 2021-01-19
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable li...
CVE-2020-23522 PUBLISHED: 2021-01-19
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.