CVE-2019-20520
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/
Open edX Ironwood.1 allows support/certificates?user= reflected XSS. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-014-reflected-cross-site-scripting-in-openedx/
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. Date published : 2020-03-19 https://medium.com/@mucomplex/undisclosed-cve-2019-19484-cve-2019-19486-cve-2019-19487-b46b97c930cd
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. Date published : 2020-03-19 https://medium.com/@mucomplex/undisclosed-cve-2019-19484-cve-2019-19486-cve-2019-19487-b46b97c930cd
Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. Date published : 2020-03-19 https://medium.com/@mucomplex/undisclosed-cve-2019-19484-cve-2019-19486-cve-2019-19487-b46b97c930cd
A cross-site scripting vulnerability was reported in the oVirt-engine’s OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious...
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. Date published : 2020-03-19 https://tanzu.vmware.com/security/cve-2019-19029 https://github.com/goharbor/harbor/security/advisories
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. Date published : 2020-03-19 https://tanzu.vmware.com/security/cve-2019-19026 https://github.com/goharbor/harbor/security/advisories