The Bundeswehr Karriere portal suffered from multiple cross site scripting vulnerabilities.
>> ARCHIVE: 2020-04
DedeCMS version 7.5 SP2 suffers from multiple cross site scripting vulnerabilities.
DedeCMS version 7.5 SP2 suffers from multiple persistent cross site scripting vulnerabilities.
SuperBackup version 2.0.5 for iOS suffers from a persistent cross site scripting vulnerability.
File Transfer iFamily version 2.1 suffers from a directory traversal vulnerability.
Macs Framework version 1.14f suffers from cross site scripting and remote SQL injection vulnerabilities.
SeedDMS version 5.1.18 suffers from multiple persistent cross site scripting vulnerabilities.
AirDisk Pro version 5.5.3 for iOS suffers from multiple persistent cross site scripting vulnerabilities.
Microsoft Windows suffers from an NtFilterToken ParentTokenId incorrect setting that allows for elevation of privileges.
In Microsoft Windows, by using the poorly documented SE_SERVER_SECURITY Control flag it is possible to set an owner different to the caller, bypassing security checks.