Security | Protect The Business – … – Dark Reading

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-27986
PUBLISHED: 2020-10-28

** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the /settings/values URI. NOTE: reportedly, the vendor's position is "it is the administrator's responsibility to configure it."

CVE-2020-27981
PUBLISHED: 2020-10-28

A vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content

CVE-2020-24707
PUBLISHED: 2020-10-28

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.

CVE-2020-24708
PUBLISHED: 2020-10-28

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.

CVE-2020-24709
PUBLISHED: 2020-10-28

Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or template.

Source: https://www.darkreading.com/prnewswire2.asp?rkey=20201028HK73427&filter=3928&