|
208851
|
5.4 |
MEDIUM
Network
|
s-cms
|
s-cms
|
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19158
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208852
|
6.1 |
MEDIUM
Network
|
wenkucms_project
|
wenkucms
|
Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19157
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208853
|
5.4 |
MEDIUM
Network
|
ari-soft
|
ari_adminer
|
Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19156
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208854
|
8.8 |
HIGH
Network
|
jflyfox
|
jfinal_cms
|
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-19155
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208855
|
6.5 |
MEDIUM
Network
|
jflyfox
|
jfinal_cms
|
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileMa…
|
CWE-22
Path Traversal
|
CVE-2020-19154
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208856
|
8.8 |
HIGH
Network
|
jflyfox
|
jfinal_cms
|
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
|
CWE-77
Command Injection
|
CVE-2020-19151
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208857
|
8.1 |
HIGH
Network
|
jflyfox
|
jfinal_cms
|
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component …
|
CWE-22
Path Traversal
|
CVE-2020-19150
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208858
|
5.4 |
MEDIUM
Network
|
jflyfox
|
jfinal_cms
|
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19148
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208859
|
6.5 |
MEDIUM
Network
|
jflyfox
|
jfinal_cms
|
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java…
|
CWE-22
Path Traversal
|
CVE-2020-19147
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208860
|
6.5 |
MEDIUM
Network
|
jflyfox
|
jfinal_cms
|
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
|
CWE-22
Path Traversal
|
CVE-2020-19146
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
