Security Vulnerability Advisories

Summary

CVE-2020-27850
CVE-2020-27851
CVE-2020-27852
CVE-2019-12305
CVE-2019-12304
CVE-2019-12307
CVE-2019-12306
CVE-2019-12547
CVE-2019-19356

CVE-2020-27850

Publication Date: 2021.01.15
Revision: 1.2
Link: https://digital.security/advisories/cert-ds_advisory_CVE-2020-27850.txt

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).

CVE-2020-27851

Publication Date: 2021.01.15
Revision: 1.3
Link: https://digital.security/advisories/cert-ds_advisory_CVE-2020-27851.txt

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).

CVE-2020-27852

Publication Date: 2021.01.15
Revision: 1.1
Link: https://digital.security/advisories/cert-ds_advisory_CVE-2020-27852.txt

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).

CVE-2019-12305

Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_admin_password-cve-2019-12305.txt

Information Disclosure of Admin Password - EZCast Pro II

CVE-2019-12304

Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_arbitrary_file_upload-cve-2019-12304.txt

Arbitrary File Upload leading to Unauthenticated Remote Code Execution - EZCast Pro II

CVE-2019-12307

Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_csrf-cve-2019-12307.txt

Multiple Cross-Site Request Forgery - EZCast Pro II

CVE-2019-12306

Publication Date: 04/29/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-ezcast_pro_ii_unauthenticated_settings_modification-cve-2019-12306.txt

Unauthenticated Settings Modification - EZCast Pro II

CVE-2019-12547

Publication Date: 04/17/2020
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory-opentrust_mft_xss-cve-2019-12547.txt

Reflected XSS in OpenTrust MFT

CVE-2019-19356

Publication Date: 25/11/2019
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory_netis_router_wf2419_-_cve-2019-19356.txt
Blogpost: https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356

Netis WF2419 V1.2.31805 to V2.2.36123 - Remote Code Execution

Language English

Siège social
50 avenue Daumesnil
Immeuble B, 8ème étage
75012 Paris
Tél : (+33) 1 70 83 85 85
info@digital.security

Paris
Atos
River Ouest
80 Quai Voltaire
95870 Bezons
Tél : (+33) 1 73 26 00 00

Auvergne - Rhône Alpes
Immeuble View One
34 rue de la soie
69100 Villeurbanne
Tél : (+33) 4 26 46 00 49
dsara@digital.security

Occitanie
Les Espaces St Martin
6 impasse Alice Guy
BP 43045
31 024 Toulouse
Tél : (+33) 6 62 49 96 91
dsocc@digital.security

Hauts-de-France
78 rue de la Chaude Rivière
59800 Lille
Tél: (+33) 6 99 28 06 60
dshdf@digital.security

Provence-Alpes-Côte d'Azur
Bâtiment Horizon
655 Avenue Galilée
BP 20140 - CEDEX 03
13794 Aix en Provence
Tél: (+33) 6 08 33 32 37
dspaca@digital.security

Nouvelle Aquitaine
Europarc Pessac
34 Avenue Leonard de Vinci
33600 Pessac
Tél: (+33) 6 62 49 96 91
dsnack@digital.security

Belgique
Da Vincilaan 5
1935 Zaventem
Tél : (+32) 496 23 73 21
contact-belux@digital.security

Luxembourg
3 rue Fontebierg
L-3225 Livange
Tél : (+352) 20 60 99 99
contact-belux@digital.security

Retrouvez-nous :