|
208371
|
8.8 |
HIGH
Network
|
fork-cms
|
fork_cms
|
Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.
|
CWE-352
Origin Validation Error
|
CVE-2020-23264
|
2024-11-21 14:13 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208372
|
6.1 |
MEDIUM
Network
|
fork-cms
|
fork_cms
|
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23263
|
2024-11-21 14:13 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208373
|
4.9 |
MEDIUM
Network
|
chamilo
|
chamilo_lms
|
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to …
|
CWE-269
Improper Privilege Management
|
CVE-2020-23128
|
2024-11-21 14:13 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208374
|
8.8 |
HIGH
Network
|
chamilo
|
chamilo_lms
|
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
|
CWE-352
Origin Validation Error
|
CVE-2020-23127
|
2024-11-21 14:13 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208375
|
4.8 |
MEDIUM
Network
|
solarwinds
|
serv-u_ftp_server
serv-u_mft_server
|
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22428
|
2024-11-21 14:13 |
2021-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208376
|
9.8 |
CRITICAL
Network
|
guojusoft
|
jeecg
|
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?common…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-23083
|
2024-11-21 14:13 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208377
|
6.1 |
MEDIUM
Network
|
opnsense
|
opnsense
|
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.
|
CWE-601
Open Redirect
|
CVE-2020-23015
|
2024-11-21 14:13 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208378
|
6.1 |
MEDIUM
Network
|
fecmall_project
|
fecmall
|
An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22808
|
2024-11-21 14:13 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208379
|
9.8 |
CRITICAL
Network
|
vtiger
|
vtiger_crm
|
An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.
|
CWE-89
SQL Injection
|
CVE-2020-22807
|
2024-11-21 14:13 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208380
|
7.5 |
HIGH
Network
|
inim
|
smartliving_505_firmware
smartliving_515_firmware
smartliving_1050_firmware
smartliving_1050g3_firmware
smartliving_10100l_firmware
smartliving_10100lg3_firmware
|
An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-22002
|
2024-11-21 14:13 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
