|
210071
|
6.1 |
MEDIUM
Network
|
dedecms
|
dedecms
|
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23046
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210072
|
7.2 |
HIGH
Network
|
macs_cms_project
|
macs_cms
|
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules.
|
CWE-89
SQL Injection
|
CVE-2020-23045
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210073
|
5.4 |
MEDIUM
Network
|
dedecms
|
dedecms
|
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor`…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23044
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210074
|
8.8 |
HIGH
Network
|
air_sender_project
|
air_sender
|
Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-23043
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210075
|
6.1 |
MEDIUM
Network
|
dropouts
|
super_backup
|
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23042
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210076
|
6.1 |
MEDIUM
Network
|
dropouts
|
air_share
|
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23041
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210077
|
7.5 |
HIGH
Network
|
sky_file_project
|
sky_file
|
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.
|
CWE-22
Path Traversal
|
CVE-2020-23040
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210078
|
5.4 |
MEDIUM
Network
|
newsoftwares
|
folder_lock
|
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute …
|
CWE-79
Cross-site Scripting
|
CVE-2020-23039
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210079
|
7.5 |
HIGH
Network
|
kumilabs
|
swift_file_transfer
|
Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including n…
|
CWE-22
Path Traversal
|
CVE-2020-23038
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210080
|
9.8 |
CRITICAL
Network
|
portable
|
playable
|
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
|
CWE-94
Code Injection
|
CVE-2020-23037
|
2024-11-21 14:13 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
