CVE-2020-11022
- EPSS 22.55%
- Published 29.04.2020 22:15:11
- Last modified 21.11.2024 04:56:36
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...
CVE-2020-1954
- EPSS 0.1%
- Published 01.04.2020 21:15:14
- Last modified 21.11.2024 05:11:43
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to...
CVE-2019-12415
- EPSS 0.02%
- Published 23.10.2019 20:15:12
- Last modified 21.11.2024 04:22:47
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...