|
216431
|
5.4 |
MEDIUM
Network
|
nedi
|
nedi
|
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15037
|
2024-11-21 14:04 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216432
|
5.4 |
MEDIUM
Network
|
nedi
|
nedi
|
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15036
|
2024-11-21 14:04 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216433
|
6.8 |
MEDIUM
Network
|
electronjs
|
electron
|
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated…
|
NVD-CWE-Other
|
CVE-2020-15096
|
2024-11-21 14:04 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216434
|
6.5 |
MEDIUM
Network
|
tendermint
|
tendermint
|
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-15091
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216435
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6
|
CWE-79
Cross-site Scripting
|
CVE-2020-15083
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216436
|
8.8 |
HIGH
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6
|
NVD-CWE-Other
|
CVE-2020-15082
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216437
|
5.3 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.p…
|
CWE-200
Information Exposure
|
CVE-2020-15081
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216438
|
5.3 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible…
|
CWE-862
Missing Authorization
|
CVE-2020-15080
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216439
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
|
NVD-CWE-noinfo
|
CVE-2020-15079
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216440
|
8.8 |
HIGH
Network
|
factorfx
|
open_computer_software_inventory_next_generation
|
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandl…
|
CWE-78
OS Command
|
CVE-2020-14947
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
