| 198241 | 7.6 | HIGH Network | hgiga | msr45_isherlock-antispam msr45_isherlock-user ssr45_isherlock-antispam ssr45_isherlock-user | HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. | CWE-89 SQL Injection | CVE-2020-35743 | 2024-11-21 14:27 | 2020-12-31 |
| 198242 | 7.6 | HIGH Network | hgiga | msr45_isherlock-antispam msr45_isherlock-user ssr45_isherlock-antispam ssr45_isherlock-user | HGiga MailSherlock contains a SQL injection vulnerability. Attackers can inject and launch SQL commands in a URL parameter. | CWE-89 SQL Injection | CVE-2020-35742 | 2024-11-21 14:27 | 2020-12-31 |
| 198243 | 6.1 | MEDIUM Network | hgiga | msr45_isherlock-antispam msr45_isherlock-user ssr45_isherlock-antispam ssr45_isherlock-user | HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks. | CWE-79 Cross-site Scripting | CVE-2020-35741 | 2024-11-21 14:27 | 2020-12-31 |
| 198244 | 6.1 | MEDIUM Network | hgiga | msr45_isherlock-antispam msr45_isherlock-user ssr45_isherlock-antispam ssr45_isherlock-user | HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks. | CWE-79 Cross-site Scripting | CVE-2020-35740 | 2024-11-21 14:27 | 2020-12-31 |
| 198245 | 7.5 | HIGH Network | newgensoft | egov | In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Objec… | NVD-CWE-Other | CVE-2020-35737 | 2024-11-21 14:27 | 2020-12-31 |
| 198246 | 4.8 | MEDIUM Network | flatpress | flatpress | FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each t… | CWE-79 Cross-site Scripting | CVE-2020-35241 | 2024-11-21 14:27 | 2020-12-31 |
| 198247 | 4.8 | MEDIUM Network | fluxbb | fluxbb | FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will … | CWE-79 Cross-site Scripting | CVE-2020-35240 | 2024-11-21 14:27 | 2020-12-31 |
| 198248 | 4.7 | MEDIUM Network | vidyo | vidyo | Vidyo 02-09-/D allows clickjacking via the portal/ URI. | CWE-1021 Improper Restriction of Rendered UI Layers or Frames | CVE-2020-35735 | 2024-11-21 14:27 | 2020-12-30 |
| 198249 | 6.1 | MEDIUM Network | roundcube fedoraproject debian | webmail fedora debian_linux | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference el… | CWE-79 Cross-site Scripting | CVE-2020-35730 | 2024-11-21 14:27 | 2020-12-29 |
| 198250 | 7.5 | HIGH Network | joomla | joomla\! | An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations. | CWE-20 Improper Input Validation | CVE-2020-35616 | 2024-11-21 14:27 | 2020-12-29 |