|
209701
|
6.1 |
MEDIUM
Network
|
jeesns
|
jeesns
|
Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.jav…
|
CWE-79
Cross-site Scripting
|
CVE-2020-18035
|
2024-11-21 14:08 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209702
|
7.8 |
HIGH
Local
|
graphviz
debian
fedoraproject
|
graphviz
debian_linux
fedora
|
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-18032
|
2024-11-21 14:08 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209703
|
6.1 |
MEDIUM
Network
|
qibosoft
|
qibocms
|
Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-18022
|
2024-11-21 14:08 |
2021-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209704
|
6.1 |
MEDIUM
Network
|
1234n
|
minicms
|
Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".
|
CWE-79
Cross-site Scripting
|
CVE-2020-17999
|
2024-11-21 14:08 |
2021-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209705
|
9.8 |
CRITICAL
Network
|
phpshe
|
mall_system
|
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" compo…
|
CWE-89
SQL Injection
|
CVE-2020-18020
|
2024-11-21 14:08 |
2021-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209706
|
7.5 |
HIGH
Network
|
xinfu
|
oa_system
|
SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "m…
|
CWE-89
SQL Injection
|
CVE-2020-18019
|
2024-11-21 14:08 |
2021-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209707
|
7.5 |
HIGH
Network
|
apache
|
ozone
|
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl comma…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-17517
|
2024-11-21 14:08 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209708
|
5.4 |
MEDIUM
Network
|
dotcms
|
dotcms
|
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" co…
|
CWE-79
Cross-site Scripting
|
CVE-2020-17542
|
2024-11-21 14:08 |
2021-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209709
|
9.1 |
CRITICAL
Network
|
feifeicms
|
feifeicms
|
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component.
|
CWE-22
Path Traversal
|
CVE-2020-17564
|
2024-11-21 14:08 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209710
|
9.1 |
CRITICAL
Network
|
feifeicms
|
feifeicms
|
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=".
|
CWE-22
Path Traversal
|
CVE-2020-17563
|
2024-11-21 14:08 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
