|
210021
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS paylo…
|
-
|
CVE-2020-15162
|
2024-11-21 14:04 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210022
|
9.8 |
CRITICAL
Network
|
prestashop
|
prestashop
|
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8
|
CWE-89
SQL Injection
|
CVE-2020-15160
|
2024-11-21 14:04 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210023
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8
|
-
|
CVE-2020-15161
|
2024-11-21 14:04 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210024
|
10.0 |
CRITICAL
Network
|
yiiframework
|
yii
|
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaro…
|
-
|
CVE-2020-15148
|
2024-11-21 14:04 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210025
|
6.6 |
MEDIUM
Network
|
xwiki
|
xwiki
|
In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instant…
|
CWE-74
Injection
|
CVE-2020-15171
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210026
|
5.5 |
MEDIUM
Local
|
avast
|
antivirus
|
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a log…
|
CWE-212
CWE-459
Improper Removal of Sensitive Information Before Storage or Transfer
Incomplete Cleanup
|
CVE-2020-15024
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210027
|
6.1 |
MEDIUM
Network
|
action_view_project
debian
fedoraproject
|
action_view
debian_linux
fedora
|
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default…
|
-
|
CVE-2020-15169
|
2024-11-21 14:04 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210028
|
7.5 |
HIGH
Network
|
zeromq
fedoraproject
debian
|
libzmq
fedora
debian_linux
|
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con…
|
-
|
CVE-2020-15166
|
2024-11-21 14:04 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210029
|
7.0 |
HIGH
Network
|
ctrip
|
apollo
|
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet(which is not recommended), there are potential security issues since apoll…
|
NVD-CWE-Other
|
CVE-2020-15170
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210030
|
5.3 |
MEDIUM
Network
|
node-fetch_project
|
node-fetch
|
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get throw…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-15168
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
