|
208621
|
6.1 |
MEDIUM
Network
|
hgiga
|
msr45_isherlock-antispam
msr45_isherlock-user
ssr45_isherlock-antispam
ssr45_isherlock-user
|
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35741
|
2024-11-21 14:27 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208622
|
6.1 |
MEDIUM
Network
|
hgiga
|
msr45_isherlock-antispam
msr45_isherlock-user
ssr45_isherlock-antispam
ssr45_isherlock-user
|
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35740
|
2024-11-21 14:27 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208623
|
7.5 |
HIGH
Network
|
newgensoft
|
egov
|
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Objec…
|
NVD-CWE-Other
|
CVE-2020-35737
|
2024-11-21 14:27 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208624
|
4.8 |
MEDIUM
Network
|
flatpress
|
flatpress
|
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35241
|
2024-11-21 14:27 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208625
|
4.8 |
MEDIUM
Network
|
fluxbb
|
fluxbb
|
FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will …
|
CWE-79
Cross-site Scripting
|
CVE-2020-35240
|
2024-11-21 14:27 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208626
|
4.7 |
MEDIUM
Network
|
vidyo
|
vidyo
|
Vidyo 02-09-/D allows clickjacking via the portal/ URI.
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-35735
|
2024-11-21 14:27 |
2020-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208627
|
6.1 |
MEDIUM
Network
|
roundcube
fedoraproject
debian
|
webmail
fedora
debian_linux
|
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference el…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35730
|
2024-11-21 14:27 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208628
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
|
CWE-20
Improper Input Validation
|
CVE-2020-35616
|
2024-11-21 14:27 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208629
|
6.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
|
CWE-352
Origin Validation Error
|
CVE-2020-35615
|
2024-11-21 14:27 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208630
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
|
NVD-CWE-noinfo
|
CVE-2020-35614
|
2024-11-21 14:27 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
