Skip to content

Instantly share code, notes, and snippets.

CVE-2020-11976 - Apache wicket LFI / markup file read vulnerability, coming soon.
------------------------------------------
Mariusz Popłwski / AFINE.com team
CVE-2019-19129 - Remote Stored XSS in attachment’s name
------------------------------------------
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
Afterlogic blog post:
https://auroramail.wordpress.com/2019/11/25/vulnerability-closed-in-webmail-and-aurora-remote-stored-xss-in-attachments-name/
Mariusz Popłwski / AFINE.com team
CVE-2020-13443
https://gist.github.com/mariuszpoplawski/703586aa068bdad21f2c098f396ce04f
------------------------------------------
[Suggested description]
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via
Compose Msg, Add attachment, and Save As Draft actions.
CVE-2020-13700
https://gist.github.com/mariuszpoplawski/b5fc9fdbf5469ed139e114a913dcf3ba
------------------------------------------
[Suggested description]
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress.
It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a
CVE-2020-13484
https://gist.github.com/mariuszpoplawski/26e1fbde8f9a607478bee1de90daa329
------------------------------------------
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in
the services/main/ajax.php?action=attachUrlPreview url parameter, if
https://gist.github.com/mariuszpoplawski/44c5dd8ca1c40ebbacd119505254195e
CVE-2020-13483
------------------------------------------
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via
the items[ITEMS][ID] parameter to the
components/bitrix/mobileapp.list/ajax.php/ URI.