| 208401 | 4.8 | MEDIUM | Network | b2evolution | b2evolution | Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. | CWE-79 Cross-site Scripting | CVE-2020-22841 | 2024-11-21 14:13 | 2021-02-09 |
| 208402 | 6.1 | MEDIUM | Network | b2evolution | b2evolution | Open redirect vulnerability in b2evolution CMS versions prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker-controlled resource via the redirect_to parameter in email_pas… | CWE-601 Open Redirect | CVE-2020-22840 | 2024-11-21 14:13 | 2021-02-09 |
| 208403 | 9.8 | CRITICAL | Network | phplist | phplist | phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | NVD-CWE-noinfo | CVE-2020-23361 | 2024-11-21 14:13 | 2021-01-28 |
| 208404 | 9.8 | CRITICAL | Network | oscommerce | oscommerce | oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/passw… | CWE-697 Incorrect Comparison | CVE-2020-23360 | 2024-11-21 14:13 | 2021-01-28 |
| 208405 | 9.8 | CRITICAL | Network | webidsupport | webid | WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can… | CWE-697 Incorrect Comparison | CVE-2020-23359 | 2024-11-21 14:13 | 2021-01-28 |
| 208406 | 7.5 | HIGH | Network | nibbleblog | nibbleblog | admin/kernel/api/login.class.php in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followe… | NVD-CWE-noinfo | CVE-2020-23356 | 2024-11-21 14:13 | 2021-01-28 |
| 208407 | 7.5 | HIGH | Network | codiad | codiad | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /components/user/class.user.php:Authenticate() is vulnerable to magic hash authentication bypass. If encrypted or hash value for the passwords f… | NVD-CWE-noinfo | CVE-2020-23355 | 2024-11-21 14:13 | 2021-01-28 |
| 208408 | 7.5 | HIGH | Network | zblogcn | z-blogphp | Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_inp… | NVD-CWE-Other | CVE-2020-23352 | 2024-11-21 14:13 | 2021-01-28 |
| 208409 | 7.5 | HIGH | Network | newbee-mall_project | newbee-mall | newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information t… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2020-23449 | 2024-11-21 14:13 | 2021-01-27 |
| 208410 | 9.8 | CRITICAL | Network | newbee-mall_project | newbee-mall | newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code… | CWE-306 Missing Authentication for Critical Function; CWE-706 Use of Incorrectly-Resolved Name or Reference | CVE-2020-23448 | 2024-11-21 14:13 | 2021-01-27 |