WebSEC News.

MONTHLY CVE UPDATE

Discovered by: Polina Voronina, Feb 13, 2020

CVE-2020-7051 [Type: Stored Cross-Site Scripting, Product: Codelogic Codoforum, Version: 4.8.4]

CVE-2020-7050 [Type: DOM-Based Cross-Site Scripting, Product: Codelogic Codoforum, Version: 4.8.4]


Discovered by: Joel Aviad Ossi, Jan 13, 2020

CVE-2020-6844 [Type: Cross-Site Request Forgery, Product: TopManage OLK, Version: 2020]

CVE-2020-6845 [Type: DOM-Based Cross-Site Scripting, Product: TopManage OLK, Version: 2020]

Happy New Year

News by: Joel Aviad Ossi, Jan 1, 2020

Happy Holidays to everyone! WebSEC wishes you a happy and secure new year!

MONTHLY CVE UPDATE

Discovered by: Joel Aviad Ossi, Dec 18, 2019

CVE-2019-19857 [Type: Violation of Secure Design Principles, Product: Serpico, Version: 1.3]

CVE-2019-19854 [Type: Cross-Site Request Forgery, Product: Serpico, Version: 1.3]

CVE-2019-19859 [Type: Improper Input Validation, Product: Serpico, Version: 1.3]

CVE-2019-19858 [Type: Stored-XSS, Product: Serpico, Version: 1.3]

CVE-2019-19855 [Type: Stored-XSS, Product: Serpico, Version: 1.3]

CVE-2019-19856 [Type: Stored-XSS, Product: Serpico, Version: 1.3]


Updates Pushed: https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182

WEBSEC CVE OF THE YEAR

Discovered by: Joel Aviad Ossi, Jan 10, 2019

CVE-2018-16803 [Type: SOAP Parser SQL Code Execution, Product: CIMTechniques CIMScan, Version: 6.x]


Reference: US Department of Defense Cyber Center (DC3)