|
209371
|
8.1 |
HIGH
Network
|
nodebb
|
blog_comments
|
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF …
|
-
|
CVE-2020-15156
|
2024-11-21 14:04 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209372
|
9.8 |
CRITICAL
Network
|
mz-automation
|
libiec61850
|
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an appli…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2020-15158
|
2024-11-21 14:04 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209373
|
8.5 |
HIGH
Network
|
cogboard
|
red_discord_bot
|
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to in…
|
CWE-74
Injection
|
CVE-2020-15147
|
2024-11-21 14:04 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209374
|
9.6 |
CRITICAL
Network
|
cogboard
|
red_discord_bot
|
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia …
|
CWE-74
Injection
|
CVE-2020-15140
|
2024-11-21 14:04 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209375
|
8.8 |
HIGH
Network
|
zulip
|
zulip_server
|
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
|
CWE-94
Code Injection
|
CVE-2020-15070
|
2024-11-21 14:04 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209376
|
8.0 |
HIGH
Network
|
openmage
magento
|
openmage_long_term_support
magento
|
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. …
|
CWE-352
Origin Validation Error
|
CVE-2020-15151
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209377
|
8.8 |
HIGH
Network
|
sylius
|
syliusresourcebundle
|
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized prop…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2020-15146
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209378
|
8.8 |
HIGH
Network
|
sylius
|
syliusresourcebundle
|
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized pro…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2020-15143
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209379
|
5.4 |
MEDIUM
Network
|
auth0
|
lock
|
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-s…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15119
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209380
|
9.9 |
CRITICAL
Network
|
nodebb
|
nodebb
|
NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially …
|
CWE-287
Improper Authentication
|
CVE-2020-15149
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
