|
208031
|
6.1 |
MEDIUM
Network
|
seacms
|
seacms
|
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2020-26642
|
2024-11-21 14:20 |
2021-05-29 |
|
208032
|
8.8 |
HIGH
Network
|
idreamsoft
|
icms
|
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
|
CWE-352
Origin Validation Error
|
CVE-2020-26641
|
2024-11-21 14:20 |
2021-05-29 |
|
208033
|
5.4 |
MEDIUM
Network
|
vfairs
|
vfairs
|
In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other user's profile information to include a cross-site scripting payload. The user data stored by the databas…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26680
|
2024-11-21 14:20 |
2021-05-26 |
|
208034
|
4.3 |
MEDIUM
Network
|
vfairs
|
vfairs
|
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user'…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-26679
|
2024-11-21 14:20 |
2021-05-26 |
|
208035
|
8.8 |
HIGH
Network
|
vfairs
|
vfairs
|
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP f…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26678
|
2024-11-21 14:20 |
2021-05-26 |
|
208036
|
8.8 |
HIGH
Network
|
vfairs
|
vfairs
|
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API.
|
CWE-89
SQL Injection
|
CVE-2020-26677
|
2024-11-21 14:20 |
2021-05-26 |
|
208037
|
8.1 |
HIGH
Adjacent
|
bluetooth
|
mesh_profile
|
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without posse…
|
CWE-863
Incorrect Authorization
|
CVE-2020-26560
|
2024-11-21 14:20 |
2021-05-25 |
|
208038
|
8.8 |
HIGH
Adjacent
|
bluetooth
|
mesh_profile
|
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s …
|
CWE-863
Incorrect Authorization
|
CVE-2020-26559
|
2024-11-21 14:20 |
2021-05-25 |
|
208039
|
4.2 |
MEDIUM
Adjacent
|
bluetooth fedoraproject debian linux intel
|
bluetooth_core_specification fedora debian_linux linux_kernel ax210_firmware ax201_firmware ax200_firmware ac_9560_firmware ac_9462_firmware ac_9461_firmware ac_9260_fir…
|
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authe…
|
CWE-287
Improper Authentication
|
CVE-2020-26558
|
2024-11-21 14:20 |
2021-05-25 |
|
208040
|
7.5 |
HIGH
Adjacent
|
bluetooth
|
mesh_profile
|
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute…
|
CWE-287
Improper Authentication
|
CVE-2020-26557
|
2024-11-21 14:20 |
2021-05-25 |
|