Vulnerabilities

CVE-2019-20484

January 8, 2021

An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.

Summary:

An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.

Reference Links(if available):

https://www.gosecure.net/blog/2020/12/15/vera-stored-xss-improper-access-control/

CVSS Score (if available)

v2: / MEDIUM

v3: /

Links to Exploits(if available)

Tags: CVE, CVE-2019-20484, exploit, MISC, vulnerability

CVE-2019-20484

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA: Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA: Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400