Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 result

CVE-2020-13959

Medium priority

Some fixes available 3 of 7

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this...

1 affected packages

velocity-tools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
velocity-tools Not affected Fixed Fixed Fixed
Show less packages