|
215051
|
6.1 |
MEDIUM
Network
|
cross_domain_local_storage_project
|
cross_domain_local_storage
|
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the…
|
CWE-601
Open Redirect
|
CVE-2020-11611
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215052
|
8.8 |
HIGH
Network
|
cross_domain_local_storage_project
|
cross_domain_local_storage
|
An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() funct…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-11610
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215053
|
4.3 |
MEDIUM
Physics
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid des…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-11609
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215054
|
7.8 |
HIGH
Local
|
nchsoftware
|
express_invoice
|
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11560
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215055
|
6.1 |
MEDIUM
Network
|
rankmath
|
seo
|
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection …
|
CWE-601
Open Redirect
|
CVE-2020-11515
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215056
|
9.8 |
CRITICAL
Network
|
rankmath
|
seo
|
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileg…
|
CWE-862
Missing Authorization
|
CVE-2020-11514
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215057
|
5.4 |
MEDIUM
Network
|
idxbroker
|
impress_for_idx_broker
|
Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11512
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215058
|
5.4 |
MEDIUM
Network
|
contact-form-7-datepicker_project
|
contact-form-7-datepicker
|
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the un…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11516
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215059
|
8.8 |
HIGH
Network
|
nchsoftware
|
express_invoice
|
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-11561
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215060
|
4.3 |
MEDIUM
Physics
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-11608
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
