|
208921
|
9.8 |
CRITICAL
Network
|
hongcms_project
|
hongcms
|
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."
|
CWE-22
Path Traversal
|
CVE-2020-18178
|
2024-11-21 14:08 |
2021-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208922
|
8.8 |
HIGH
Network
|
pluck-cms
|
pluck
|
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
|
CWE-352
Origin Validation Error
|
CVE-2020-18198
|
2024-11-21 14:08 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208923
|
8.8 |
HIGH
Network
|
pluck-cms
|
pluck
|
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
|
CWE-352
Origin Validation Error
|
CVE-2020-18195
|
2024-11-21 14:08 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208924
|
6.1 |
MEDIUM
Network
|
emlog
|
emlog
|
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
|
CWE-79
Cross-site Scripting
|
CVE-2020-18194
|
2024-11-21 14:08 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208925
|
6.1 |
MEDIUM
Network
|
tp-link
|
archer_c1200_firmware
|
TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17891
|
2024-11-21 14:08 |
2021-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208926
|
4.8 |
MEDIUM
Network
|
laobancms
|
laobancms
|
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
|
CWE-79
Cross-site Scripting
|
CVE-2020-18167
|
2024-11-21 14:08 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208927
|
9.8 |
CRITICAL
Network
|
laobancms
|
laobancms
|
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-18166
|
2024-11-21 14:08 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208928
|
4.8 |
MEDIUM
Network
|
laobancms
|
laobancms
|
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
|
CWE-79
Cross-site Scripting
|
CVE-2020-18165
|
2024-11-21 14:08 |
2021-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208929
|
8.8 |
HIGH
Network
|
forestblog_project
|
forestblog
|
Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.
|
CWE-352
Origin Validation Error
|
CVE-2020-18964
|
2024-11-21 14:08 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208930
|
6.1 |
MEDIUM
Network
|
hotels_server_project
|
hotels_server
|
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
|
CWE-79
Cross-site Scripting
|
CVE-2020-18102
|
2024-11-21 14:08 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
