CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35121
https://notcve.org/view.php?id=CVE-2020-35121
15 Dec 2020 — An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. Se detectó un problema en el plugin Keysight Database Connector versiones anteriores a 1.5.0 para Confluence. Un usuario malicioso podría insertar JavaScript arbitrario en los parámetros macro guardados que podrían ejecutarse cuando un usuario visualizaba... • https://bitbucket.org/keysight/keysight-plugins-for-atlassian-products/wiki/Confluence%20Plugins/Database%20Plugin •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35122
https://notcve.org/view.php?id=CVE-2020-35122
15 Dec 2020 — An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. Se detectó un problema en el plugin Keysight Database Connector versiones anteriores a 1.5.0 para Confluence. Un usuario malicioso podría omitir los controles de acceso para usar un perfil de conexión de base de datos guardado para enviar SQL arbitrario c... • https://bitbucket.org/keysight/keysight-plugins-for-atlassian-products/wiki/Confluence%20Plugins/Database%20Plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •