|
208581
|
9.8 |
CRITICAL
Network
|
egavilanmedia
|
user_registration_and_login_system_with_admin_panel
|
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.
|
CWE-89
SQL Injection
|
CVE-2020-35263
|
2024-11-21 14:27 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208582
|
8.8 |
HIGH
Network
|
cakefoundation
|
cakephp
|
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to a…
|
CWE-352
Origin Validation Error
|
CVE-2020-35239
|
2024-11-21 14:27 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208583
|
4.8 |
MEDIUM
Network
|
employee_performance_evaluation_system_project
|
employee_performance_evaluation_system
|
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35272
|
2024-11-21 14:27 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208584
|
4.8 |
MEDIUM
Network
|
employee_performance_evaluation_system_project
|
employee_performance_evaluation_system
|
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35271
|
2024-11-21 14:27 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208585
|
7.5 |
HIGH
Network
|
erlang
fedoraproject
|
erlang\/otp
fedora
|
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-35733
|
2024-11-21 14:27 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208586
|
5.4 |
MEDIUM
Network
|
enviragallery
|
envira_gallery
|
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_ti…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35582
|
2024-11-21 14:27 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208587
|
5.4 |
MEDIUM
Network
|
enviragallery
|
envira_gallery
|
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the m…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35581
|
2024-11-21 14:27 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208588
|
8.8 |
HIGH
Network
|
eclipse
|
vert.x-web
|
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token …
|
CWE-352
Origin Validation Error
|
CVE-2020-35217
|
2024-11-21 14:27 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208589
|
7.2 |
HIGH
Network
|
nagios
|
nagios_xi
|
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can e…
|
CWE-78
OS Command
|
CVE-2020-35578
|
2024-11-21 14:27 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208590
|
4.3 |
MEDIUM
Network
|
php-fusion
|
phpfusion
|
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
|
CWE-352
Origin Validation Error
|
CVE-2020-35687
|
2024-11-21 14:27 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
