Exec Order Could Force Software Vendors to Disclose …

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-19625
PUBLISHED: 2021-03-26

Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.

CVE-2020-19626
PUBLISHED: 2021-03-26

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

CVE-2020-25840
PUBLISHED: 2021-03-26

Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.

CVE-2021-22506
PUBLISHED: 2021-03-26

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.

CVE-2021-3275
PUBLISHED: 2021-03-26

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper valida…

Similar Posts