Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-11-04 CVE-2020-26167 Information Exposure vulnerability in Thedaylightstudio Fuel CMS
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
network
low complexity
thedaylightstudio CWE-200
critical
10.0
2020-11-04 CVE-2020-22278 Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyadmin
phpMyAdmin through 5.0.2 allows CSV injection via Export Section.
network
low complexity
phpmyadmin CWE-1236
8.8
2020-11-04 CVE-2020-22277 Improper Neutralization of Formula Elements in a CSV File vulnerability in Codection Import and Export Users and Customers
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.
network
low complexity
codection CWE-1236
8.0
2020-11-04 CVE-2020-22276 Improper Neutralization of Formula Elements in a CSV File vulnerability in Weformspro Weforms 1.4.7
WeForms WordPress Plugin 1.4.7 allows CSV injection via a form's entry.
network
low complexity
weformspro CWE-1236
7.5
2020-11-04 CVE-2020-22275 Injection vulnerability in Easyregistrationforms Easy Registration Forms 2.0.6
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands.
6.8
2020-11-04 CVE-2020-2319 Insufficiently Protected Credentials vulnerability in Jenkins VMWare LAB Manager Slaves
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2020-11-04 CVE-2020-2318 Insufficiently Protected Credentials vulnerability in Jenkins Mail Commander 1.0.0
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2020-11-04 CVE-2020-2317 Cross-site Scripting vulnerability in Jenkins Findbugs
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.
network
low complexity
jenkins CWE-79
5.4
2020-11-04 CVE-2020-2316 Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2020-11-04 CVE-2020-2315 Unspecified vulnerability in Jenkins Visualworks Store
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins
6.5