| 210211 | 8.8 | HIGH Network | eyoucms | eyoucms | Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | CWE-352 Origin Validation Error | CVE-2020-20642 | 2024-11-21 14:12 | 2021-08-20 |
| 210212 | 6.5 | MEDIUM Network | axiosys | bento4 | An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aa… | CWE-787 Out-of-bounds Write | CVE-2020-21066 | 2024-11-21 14:12 | 2021-08-14 |
| 210213 | 5.4 | MEDIUM Network | domainmod | domainmod | A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter. | CWE-79 Cross-site Scripting | CVE-2020-20990 | 2024-11-21 14:12 | 2021-08-13 |
| 210214 | 4.3 | MEDIUM Network | domainmod | domainmod | A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. | CWE-352 Origin Validation Error | CVE-2020-20989 | 2024-11-21 14:12 | 2021-08-13 |
| 210215 | 5.4 | MEDIUM Network | domainmod | domainmod | A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Exp… | CWE-79 Cross-site Scripting | CVE-2020-20988 | 2024-11-21 14:12 | 2021-08-13 |
| 210216 | 7.5 | HIGH Network | metinfo | metinfo | A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. | CWE-89 SQL Injection | CVE-2020-20981 | 2024-11-21 14:12 | 2021-08-13 |
| 210217 | 9.8 | CRITICAL Network | 8cms | ljcms | An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-20979 | 2024-11-21 14:12 | 2021-08-13 |
| 210218 | 5.4 | MEDIUM Network | ukcms | ukcms | A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. | CWE-79 Cross-site Scripting | CVE-2020-20977 | 2024-11-21 14:12 | 2021-08-13 |
| 210219 | 9.8 | CRITICAL Network | gxlcms | gxlcms | In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. | CWE-89 SQL Injection | CVE-2020-20975 | 2024-11-21 14:12 | 2021-08-13 |
| 210220 | 6.5 | MEDIUM Network | maccms | maccms | An arbitrary file deletion vulnerability exists within Maccms10. | CWE-610 Externally Controlled Reference to a Resource in Another Sphere | CVE-2020-21363 | 2024-11-21 14:12 | 2021-08-12 |