|
212131
|
5.4 |
MEDIUM
Network
|
themeboy
|
sportspress
|
The SportsPress plugin before 2.7.2 for WordPress allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13892
|
2024-11-21 14:02 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212132
|
4.8 |
MEDIUM
Network
|
opencart
|
opencart
|
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists becau…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13980
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212133
|
7.2 |
HIGH
Network
|
monstra
|
monstra_cms
|
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the …
|
CWE-78
OS Command
|
CVE-2020-13978
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212134
|
4.9 |
MEDIUM
Network
|
nagios
fedoraproject
|
nagios
fedora
|
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of t…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2020-13977
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212135
|
8.8 |
HIGH
Network
|
dd-wrt
|
dd-wrt
|
An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation…
|
CWE-78
OS Command
|
CVE-2020-13976
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212136
|
7.8 |
HIGH
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-13974
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212137
|
6.1 |
MEDIUM
Network
|
owasp
|
json-sanitizer
|
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as Ja…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13973
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212138
|
6.1 |
MEDIUM
Network
|
roundcube
debian
fedoraproject
|
webmail
debian_linux
fedora
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13965
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212139
|
6.1 |
MEDIUM
Network
|
roundcube
fedoraproject
debian
|
webmail
fedora
debian_linux
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13964
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212140
|
7.5 |
HIGH
Network
|
mumble
qt
fedoraproject
opensuse
|
mumble
qt
fedora
leap
|
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors le…
|
NVD-CWE-noinfo
|
CVE-2020-13962
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
