|
220681
|
6.1 |
MEDIUM
Network
|
atutor
|
atutor
|
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7172
|
2024-11-21 13:47 |
2019-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220682
|
4.8 |
MEDIUM
Network
|
croogo
|
croogo
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7171
|
2024-11-21 13:47 |
2019-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220683
|
4.8 |
MEDIUM
Network
|
croogo
|
croogo
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7170
|
2024-11-21 13:47 |
2019-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220684
|
4.8 |
MEDIUM
Network
|
croogo
|
croogo
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7169
|
2024-11-21 13:47 |
2019-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220685
|
4.8 |
MEDIUM
Network
|
croogo
|
croogo
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7168
|
2024-11-21 13:47 |
2019-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220686
|
9.8 |
CRITICAL
Network
|
idreamsoft
|
icms
|
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.p…
|
CWE-22
Path Traversal
|
CVE-2019-7160
|
2024-11-21 13:47 |
2019-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220687
|
6.5 |
MEDIUM
Network
|
libdoc_project
|
libdoc
|
In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.
|
CWE-369
Divide By Zero
|
CVE-2019-7156
|
2024-11-21 13:47 |
2019-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220688
|
6.5 |
MEDIUM
Network
|
webassembly
|
binaryen
|
The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-7154
|
2024-11-21 13:47 |
2019-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220689
|
6.5 |
MEDIUM
Network
|
webassembly
|
binaryen
|
A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A cr…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-7153
|
2024-11-21 13:47 |
2019-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220690
|
6.5 |
MEDIUM
Network
|
webassembly
|
binaryen
|
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-7152
|
2024-11-21 13:47 |
2019-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
