Security Headlines: Latest CVEs tagged #sql

CVE-2020-5306

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.

CVE-2019-20218: Do not attempt to unwind the WITH stack in the Parse object following… · sqlite/sqlite@a6c1a71

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

CVE-2019-20204: Postie

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.

CVE-2019-8634: About the security content of macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra

An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account.

CVE-2019-16563: Jenkins Security Advisory 2019-12-17

Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.

CVE-2019-16562: Jenkins Security Advisory 2019-12-17

Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.

CVE-2019-16564: Jenkins Security Advisory 2019-12-17

Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affect view content such as job display names or pipeline stage names.

CVE-2019-12414

In Apache Incubator Superset before 0.32, a user can view the names of databases they have no access to in a dropdown list in SQL Lab.

CVE-2019-19740: Email Marketing Articles - Octeth

Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.