|
209551
|
6.1 |
MEDIUM
Network
|
homeautomation_project
|
homeautomation
|
HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being…
|
CWE-79
Cross-site Scripting
|
CVE-2020-21987
|
2024-11-21 14:12 |
2021-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209552
|
4.8 |
MEDIUM
Network
|
x2engine
|
x2crm
|
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fiel…
|
CWE-79
Cross-site Scripting
|
CVE-2020-21088
|
2024-11-21 14:12 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209553
|
6.1 |
MEDIUM
Network
|
x2engine
|
x2crm
|
Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Modul…
|
CWE-79
Cross-site Scripting
|
CVE-2020-21087
|
2024-11-21 14:12 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209554
|
8.8 |
HIGH
Network
|
indionetworks
|
unibox_u50_firmware
unibox_u500_firmware
unibox_u1000_firmware
unibox_u2500_firmware
unibox_u5000_firmware
|
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduse…
|
CWE-352
Origin Validation Error
|
CVE-2020-21884
|
2024-11-21 14:12 |
2021-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209555
|
8.8 |
HIGH
Network
|
indionetworks
|
unibox_u50_firmware
unibox_u500_firmware
unibox_u1000_firmware
unibox_u2500_firmware
unibox_u5000_firmware
|
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.
|
CWE-78
OS Command
|
CVE-2020-21883
|
2024-11-21 14:12 |
2021-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209556
|
4.3 |
MEDIUM
Network
|
wuzhicms
|
wuzhicms
|
Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.
|
CWE-22
Path Traversal
|
CVE-2020-21590
|
2024-11-21 14:12 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209557
|
5.5 |
MEDIUM
Local
|
coreftp
|
core_ftp
|
Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup->Users->Username editbox.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-21588
|
2024-11-21 14:12 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209558
|
9.8 |
CRITICAL
Network
|
emlog
|
emlog
|
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-21585
|
2024-11-21 14:12 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209559
|
5.4 |
MEDIUM
Network
|
seeyon
|
g6_government_collaborative_system
|
Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20545
|
2024-11-21 14:12 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209560
|
9.8 |
CRITICAL
Network
|
inspur
|
clusterengine
|
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server
|
CWE-88
Argument Injection
|
CVE-2020-21224
|
2024-11-21 14:12 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
