CVE-2020-11022
- EPSS 18.04%
- Veröffentlicht 29.04.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:56:36
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...
CVE-2020-1954
- EPSS 0.11%
- Veröffentlicht 01.04.2020 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:11:43
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to...
CVE-2019-12415
- EPSS 0.02%
- Veröffentlicht 23.10.2019 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:22:47
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...