|
199911
|
6.1 |
MEDIUM
Network
|
directoriespro
|
directories_pro
|
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a s…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29304
|
2024-11-21 14:23 |
2020-12-15 |
|
199912
|
6.1 |
MEDIUM
Network
|
directoriespro
|
directories_pro
|
A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29303
|
2024-11-21 14:23 |
2020-12-15 |
|
199913
|
5.3 |
MEDIUM
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sens…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-28861
|
2024-11-21 14:23 |
2020-12-15 |
|
199914
|
8.8 |
HIGH
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user-supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.
|
CWE-89
SQL Injection
|
CVE-2020-28860
|
2024-11-21 14:23 |
2020-12-15 |
|
199915
|
6.1 |
MEDIUM
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28859
|
2024-11-21 14:23 |
2020-12-15 |
|
199916
|
8.8 |
HIGH
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forger…
|
CWE-352
Origin Validation Error
|
CVE-2020-28858
|
2024-11-21 14:23 |
2020-12-15 |
|
199917
|
6.1 |
MEDIUM
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user-supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28857
|
2024-11-21 14:23 |
2020-12-15 |
|
199918
|
7.5 |
HIGH
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-28856
|
2024-11-21 14:23 |
2020-12-15 |
|
199919
|
9.8 |
CRITICAL
Network
|
car_rental_management_system_project
|
car_rental_management_system
|
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, t…
|
NVD-CWE-noinfo
|
CVE-2020-29227
|
2024-11-21 14:23 |
2020-12-14 |
|
199920
|
8.8 |
HIGH
Network
|
tiki
|
tikiwiki_cms/groupware
|
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary a…
|
CWE-352
Origin Validation Error
|
CVE-2020-29254
|
2024-11-21 14:23 |
2020-12-12 |
|