Vulnerabilities: Inclusion of Functionality from Untrusted Control Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-15 | CVE-2020-24985 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Quadbase Espressdashboard 7.0: An issue was discovered in Quadbase EspressReports ES 7 Update 9. | 8.1 |
2021-03-12 | CVE-2021-28162 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Eclipse Theia: In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so JavaScript code can run. | 6.1 |
2021-02-22 | CVE-2020-22474 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Weberp 4.15: In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion. | 6.5 |
2021-02-18 | CVE-2021-20443 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Maximo for Civil Infrastructure 7.6.2: IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. | 8.8 |
2021-01-28 | CVE-2021-20187 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Moodle: It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. | 7.2 |
2021-01-26 | CVE-2021-26272 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products: It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). | 6.5 |
2021-01-26 | CVE-2021-26271 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products: It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). | 6.5 |
2020-11-25 | CVE-2020-29072 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Liquidfiles: A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. | 6.1 |
2020-09-19 | CVE-2020-25788 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tt-Rss Tiny RSS 17.4: An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. | 8.1 |
2020-08-11 | CVE-2020-13175 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Teradici products: The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. | 7.5 |