|
209811
|
5.4 |
MEDIUM
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26046
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209812
|
9.8 |
CRITICAL
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit …
|
CWE-89
SQL Injection
|
CVE-2020-26045
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209813
|
6.1 |
MEDIUM
Network
|
rust-lang
|
mdbook
|
mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which co…
|
-
|
CVE-2020-26297
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209814
|
5.3 |
MEDIUM
Network
|
target
|
compiler
|
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server c…
|
-
|
CVE-2020-26294
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209815
|
6.1 |
MEDIUM
Network
|
htmlsanitizer_project
|
htmlsanitizer
|
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if styl…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26293
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209816
|
9.8 |
CRITICAL
Network
|
chatter-social
|
creeper
|
Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours betw…
|
-
|
CVE-2020-26292
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209817
|
8.8 |
HIGH
Network
|
qdpm
|
qdpm
|
qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-26165
|
2024-11-21 14:19 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209818
|
8.7 |
HIGH
Network
|
vega_project
|
vega
|
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulner…
|
-
|
CVE-2020-26296
|
2024-11-21 14:19 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209819
|
6.5 |
MEDIUM
Network
|
uri.js_project
|
uri.js
|
URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. I…
|
-
|
CVE-2020-26291
|
2024-11-21 14:19 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209820
|
6.5 |
MEDIUM
Network
|
parseplatform
|
parse-server
|
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords invol…
|
-
|
CVE-2020-26288
|
2024-11-21 14:19 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
