|
208511
|
5.4 |
MEDIUM
Network
|
larsens_calendar_project
|
larsens_calendar
|
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23762
|
2024-11-21 14:14 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208512
|
6.1 |
MEDIUM
Network
|
intelliants
|
subrion
|
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23761
|
2024-11-21 14:14 |
2021-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208513
|
8.3 |
HIGH
Network
|
wcms
|
wcms
|
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24140
|
2024-11-21 14:14 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208514
|
8.3 |
HIGH
Network
|
wcms
|
wcms
|
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24139
|
2024-11-21 14:14 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208515
|
5.3 |
MEDIUM
Network
|
wcms
|
wcms
|
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.
|
CWE-22
Path Traversal
|
CVE-2020-24137
|
2024-11-21 14:14 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208516
|
6.1 |
MEDIUM
Network
|
wcms
|
wcms
|
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24135
|
2024-11-21 14:14 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208517
|
6.1 |
MEDIUM
Network
|
wcms
|
wcms
|
Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24138
|
2024-11-21 14:14 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208518
|
8.6 |
HIGH
Network
|
wcms
|
wcms
|
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.
|
CWE-22
Path Traversal
|
CVE-2020-24136
|
2024-11-21 14:14 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208519
|
6.1 |
MEDIUM
Network
|
episerver
|
find
|
An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.
|
CWE-601
Open Redirect
|
CVE-2020-24550
|
2024-11-21 14:14 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208520
|
9.8 |
CRITICAL
Network
|
mongo-express_project
|
mongo-express
|
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
|
NVD-CWE-noinfo
|
CVE-2020-24391
|
2024-11-21 14:14 |
2021-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
