Security Vulnerabilities - CVEs Published In July 2020
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
CVSS Score: 6.1 | EPSS Score: 0.021 | Published: 2020-07-15

An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
CVSS Score: 4.3 | EPSS Score: 0.0 | Published: 2020-07-15

An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2020-07-15

An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2020-07-15

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
CVSS Score: 6.3 | EPSS Score: 0.0 | Published: 2020-07-15

XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.
CVSS Score: 6.1 | EPSS Score: 0.93 | Published: 2020-07-15

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2020-07-15

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2020-07-15

Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2020-07-15

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly."
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2020-07-15


Shodan ® - All rights reserved