|
198401
|
4.8 |
MEDIUM
Network
|
employee_performance_evaluation_system_project
|
employee_performance_evaluation_system
|
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35272
|
2024-11-21 14:27 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198402
|
4.8 |
MEDIUM
Network
|
employee_performance_evaluation_system_project
|
employee_performance_evaluation_system
|
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35271
|
2024-11-21 14:27 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198403
|
7.5 |
HIGH
Network
|
erlang
fedoraproject
|
erlang\/otp
fedora
|
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-35733
|
2024-11-21 14:27 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198404
|
5.4 |
MEDIUM
Network
|
enviragallery
|
envira_gallery
|
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_ti…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35582
|
2024-11-21 14:27 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198405
|
5.4 |
MEDIUM
Network
|
enviragallery
|
envira_gallery
|
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the m…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35581
|
2024-11-21 14:27 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198406
|
8.8 |
HIGH
Network
|
eclipse
|
vert.x-web
|
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token …
|
CWE-352
Origin Validation Error
|
CVE-2020-35217
|
2024-11-21 14:27 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198407
|
7.2 |
HIGH
Network
|
nagios
|
nagios_xi
|
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can e…
|
CWE-78
OS Command
|
CVE-2020-35578
|
2024-11-21 14:27 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198408
|
4.3 |
MEDIUM
Network
|
php-fusion
|
phpfusion
|
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
|
CWE-352
Origin Validation Error
|
CVE-2020-35687
|
2024-11-21 14:27 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198409
|
7.8 |
HIGH
Local
|
soundresearch
|
dchu_model_software_component_modules
|
The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL. (As a resolu…
|
CWE-426
Untrusted Search Path
|
CVE-2020-35686
|
2024-11-21 14:27 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198410
|
7.8 |
HIGH
Local
|
clusterlabs
debian
|
crmsh
debian_linux
|
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history co…
|
CWE-78
OS Command
|
CVE-2020-35459
|
2024-11-21 14:27 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
