CVE-2020-13418 (openiam)
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. Devamını Oku
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. Devamını Oku
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. Devamını Oku
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. Devamını Oku
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. Devamını Oku
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. Devamını Oku
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. Devamını Oku
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. Devamını Oku
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. Devamını Oku
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. Devamını Oku
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. Devamını Oku
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. Devamını Oku
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. Devamını Oku