|
208901
|
6.1 |
MEDIUM
Network
|
get-simple
|
getsimplecms
|
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
|
CWE-601
Open Redirect
|
CVE-2020-18660
|
2024-11-21 14:08 |
2021-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208902
|
6.1 |
MEDIUM
Network
|
get-simple
|
getsimplecms
|
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
|
CWE-79
Cross-site Scripting
|
CVE-2020-18659
|
2024-11-21 14:08 |
2021-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208903
|
6.1 |
MEDIUM
Network
|
get-simple
|
getsimplecms
|
Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-18658
|
2024-11-21 14:08 |
2021-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208904
|
6.1 |
MEDIUM
Network
|
get-simple
|
getsimplecms
|
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.
|
CWE-79
Cross-site Scripting
|
CVE-2020-18657
|
2024-11-21 14:08 |
2021-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208905
|
6.1 |
MEDIUM
Network
|
wuzhicms
|
wuzhicms
|
Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".
|
CWE-79
Cross-site Scripting
|
CVE-2020-18654
|
2024-11-21 14:08 |
2021-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208906
|
8.8 |
HIGH
Network
|
juqingcms
|
juqingcms
|
Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMS_v1.0/admin/index.php?c=administrator&a=add".
|
CWE-352
Origin Validation Error
|
CVE-2020-18648
|
2024-11-21 14:08 |
2021-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208907
|
7.5 |
HIGH
Network
|
5none
|
nonecms
|
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-18647
|
2024-11-21 14:08 |
2021-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208908
|
7.5 |
HIGH
Network
|
5none
|
nonecms
|
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-18646
|
2024-11-21 14:08 |
2021-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208909
|
3.3 |
LOW
Local
|
zziplib_project
debian
fedoraproject
|
zziplib
debian_linux
fedora
|
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-18442
|
2024-11-21 14:08 |
2021-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208910
|
6.1 |
MEDIUM
Network
|
zblogcn
|
z-blogphp
|
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."
|
CWE-601
Open Redirect
|
CVE-2020-18268
|
2024-11-21 14:08 |
2021-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
