|
208261
|
6.1 |
MEDIUM
Network
|
codoforum
|
codoforum
|
Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'
|
CWE-79
Cross-site Scripting
|
CVE-2020-21845
|
2024-11-21 14:12 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208262
|
6.1 |
MEDIUM
Network
|
sagemcom
|
f\@st_3686_firmware
|
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21733
|
2024-11-21 14:12 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208263
|
6.1 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21732
|
2024-11-21 14:12 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208264
|
6.1 |
MEDIUM
Network
|
gazie_project
|
gazie
|
Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the w…
|
CWE-79
Cross-site Scripting
|
CVE-2020-21731
|
2024-11-21 14:12 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208265
|
6.1 |
MEDIUM
Network
|
appsaloon
|
wp-gdpr
|
controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20628
|
2024-11-21 14:12 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208266
|
5.3 |
MEDIUM
Network
|
givewp
|
givewp
|
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-20627
|
2024-11-21 14:12 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208267
|
5.4 |
MEDIUM
Network
|
lara\'s_google_analytics_project
|
lara\'s_google_analytics
|
lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20626
|
2024-11-21 14:12 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208268
|
7.5 |
HIGH
Network
|
slicedinvoices
|
sliced_invoices
|
Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.
|
CWE-89
SQL Injection
|
CVE-2020-20625
|
2024-11-21 14:12 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208269
|
5.4 |
MEDIUM
Network
|
cookielawinfo
|
gdpr_cookie_consent
|
ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated…
|
CWE-79
Cross-site Scripting
|
CVE-2020-20633
|
2024-11-21 14:12 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208270
|
6.5 |
MEDIUM
Network
|
elementor
|
website_builder
|
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.
|
NVD-CWE-noinfo
|
CVE-2020-20634
|
2024-11-21 14:12 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
