|
209661
|
4.8 |
MEDIUM
Network
|
phpmywind
|
phpmywind
|
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component "/admin/web_config.php".
|
CWE-79
Cross-site Scripting
|
CVE-2020-18230
|
2024-11-21 14:08 |
2021-05-28 |
|
209662
|
4.8 |
MEDIUM
Network
|
phpmywind
|
phpmywind
|
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component "/admin/web_config.php".
|
CWE-79
Cross-site Scripting
|
CVE-2020-18229
|
2024-11-21 14:08 |
2021-05-28 |
|
209663
|
7.4 |
HIGH
Network
|
apache
|
fineract
|
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful.
|
NVD-CWE-Other
|
CVE-2020-17514
|
2024-11-21 14:08 |
2021-05-27 |
|
209664
|
6.1 |
MEDIUM
Network
|
typora
|
typora
|
Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula.
|
CWE-79
Cross-site Scripting
|
CVE-2020-18221
|
2024-11-21 14:08 |
2021-05-27 |
|
209665
|
7.5 |
HIGH
Network
|
html-js
|
doracms
|
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted …
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-18220
|
2024-11-21 14:08 |
2021-05-21 |
|
209666
|
9.8 |
CRITICAL
Network
|
hongcms_project
|
hongcms
|
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax".
|
CWE-22
Path Traversal
|
CVE-2020-18178
|
2024-11-21 14:08 |
2021-05-19 |
|
209667
|
8.8 |
HIGH
Network
|
pluck-cms
|
pluck
|
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component "/admin.php?action=images".
|
CWE-352
Origin Validation Error
|
CVE-2020-18198
|
2024-11-21 14:08 |
2021-05-18 |
|
209668
|
8.8 |
HIGH
Network
|
pluck-cms
|
pluck
|
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component "/admin.php?action=page".
|
CWE-352
Origin Validation Error
|
CVE-2020-18195
|
2024-11-21 14:08 |
2021-05-18 |
|
209669
|
6.1 |
MEDIUM
Network
|
emlog
|
emlog
|
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
|
CWE-79
Cross-site Scripting
|
CVE-2020-18194
|
2024-11-21 14:08 |
2021-05-18 |
|
209670
|
6.1 |
MEDIUM
Network
|
tp-link
|
archer_c1200_firmware
|
TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has an XSS vulnerability allowing a remote attacker to execute arbitrary code.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17891
|
2024-11-21 14:08 |
2021-05-15 |
|