|
198251
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5269
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198252
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5265
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198253
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5264
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198254
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop_socialfollow
|
PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5294
|
2024-11-21 14:33 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198255
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop_linklist
|
In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5273
|
2024-11-21 14:33 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198256
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop_link
|
In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5266
|
2024-11-21 14:33 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198257
|
7.2 |
HIGH
Network
|
dell
|
emc_integrated_data_protection_appliance
|
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileg…
|
CWE-78
OS Command
|
CVE-2020-5350
|
2024-11-21 14:33 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198258
|
4.8 |
MEDIUM
Network
|
emc
|
rsa_authentication_manager
|
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5346
|
2024-11-21 14:33 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198259
|
7.5 |
HIGH
Network
|
dell
|
r1-2210_firmware
r1-2401_firmware
pc5500_firmware
x1000_firmware
x4012_firmware
|
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77…
|
-
|
CVE-2020-5330
|
2024-11-21 14:33 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198260
|
4.9 |
MEDIUM
Network
|
auth0
|
auth0.js
|
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains t…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-5263
|
2024-11-21 14:33 |
2020-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
