|
210491
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15020
|
2024-11-21 14:04 |
2020-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210492
|
7.6 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script f…
|
-
|
CVE-2020-15159
|
2024-11-21 14:04 |
2020-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210493
|
7.3 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. Th…
|
-
|
CVE-2020-15155
|
2024-11-21 14:04 |
2020-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210494
|
7.3 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_field…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15154
|
2024-11-21 14:04 |
2020-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210495
|
9.1 |
CRITICAL
Network
|
chameleon_mini_live_debugger_project
|
chameleon_mini_live_debugger
|
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending …
|
-
|
CVE-2020-15165
|
2024-11-21 14:04 |
2020-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210496
|
10.0 |
CRITICAL
Network
|
scratch-wiki
|
scratch_login
|
in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whit…
|
CWE-74
Injection
|
CVE-2020-15164
|
2024-11-21 14:04 |
2020-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210497
|
8.1 |
HIGH
Network
|
nodebb
|
blog_comments
|
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF …
|
-
|
CVE-2020-15156
|
2024-11-21 14:04 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210498
|
9.8 |
CRITICAL
Network
|
mz-automation
|
libiec61850
|
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an appli…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2020-15158
|
2024-11-21 14:04 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210499
|
8.5 |
HIGH
Network
|
cogboard
|
red_discord_bot
|
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to in…
|
CWE-74
Injection
|
CVE-2020-15147
|
2024-11-21 14:04 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210500
|
9.6 |
CRITICAL
Network
|
cogboard
|
red_discord_bot
|
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia …
|
CWE-74
Injection
|
CVE-2020-15140
|
2024-11-21 14:04 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
