Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-13990 | 7.5 |
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
|
15-10-2024 - 19:35 | 26-07-2019 - 19:15 | |
CVE-2020-11023 | 4.3 |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
|
31-08-2023 - 03:15 | 29-04-2020 - 21:15 | |
CVE-2020-11022 | 4.3 |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
|
31-08-2023 - 03:15 | 29-04-2020 - 22:15 | |
CVE-2019-10086 | 7.5 |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
|
25-07-2022 - 18:15 | 20-08-2019 - 21:15 | |
CVE-2019-17195 | 6.8 |
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
|
07-06-2022 - 18:40 | 15-10-2019 - 14:15 | |
CVE-2019-8331 | 4.3 |
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
|
16-05-2022 - 19:52 | 20-02-2019 - 16:29 | |
CVE-2020-7598 | 6.8 |
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
|
22-04-2022 - 19:02 | 11-03-2020 - 23:15 | |
CVE-2017-18635 | 4.3 |
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
|
06-04-2022 - 17:54 | 25-09-2019 - 23:15 | |
CVE-2020-11023 | 4.3 |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
|
01-10-2020 - 00:15 | 29-04-2020 - 21:15 | |
CVE-2020-11022 | 4.3 |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
|
25-09-2020 - 20:15 | 29-04-2020 - 22:15 | |
CVE-2020-10775 | 2.6 |
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser,
|
04-09-2020 - 14:57 | 24-08-2020 - 17:15 | |
CVE-2019-19336 | 4.3 |
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML p
|
23-03-2020 - 16:44 | 19-03-2020 - 14:15 |