|
209591
|
7.2 |
HIGH
Network
|
mimosa
|
b5_firmware b5c_firmware c5c_firmware
|
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to…
|
CWE-78
OS Command
|
CVE-2020-25206
|
2024-11-21 14:17 |
2021-07-21 |
|
209592
|
6.1 |
MEDIUM
Network
|
mimosa
|
b5_firmware b5c_firmware c5c_firmware
|
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may se…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25205
|
2024-11-21 14:17 |
2021-07-21 |
|
209593
|
7.8 |
HIGH
Local
|
bookingcore
|
booking_core
|
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the Excel formula is not being sanitized by the application. As a re…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-25445
|
2024-11-21 14:17 |
2021-07-15 |
|
209594
|
5.4 |
MEDIUM
Network
|
bookingcore
|
booking_core
|
Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) “About Yourself” section under the “My Profile” page, (2) “Hotel Policy” field unde…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25444
|
2024-11-21 14:17 |
2021-07-15 |
|
209595
|
5.4 |
MEDIUM
Network
|
mozilo
|
mozilocms
|
A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25394
|
2024-11-21 14:17 |
2021-07-10 |
|
209596
|
5.4 |
MEDIUM
Network
|
cszcms
|
csz_cms
|
A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' pl…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25392
|
2024-11-21 14:17 |
2021-07-10 |
|
209597
|
5.4 |
MEDIUM
Network
|
cszcms
|
csz_cms
|
A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' modu…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25391
|
2024-11-21 14:17 |
2021-07-10 |
|
209598
|
9.8 |
CRITICAL
Network
|
monstra
|
monstra
|
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code.
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2020-25414
|
2024-11-21 14:17 |
2021-06-18 |
|
209599
|
7.5 |
HIGH
Network
|
online_shopping_alphaware_project
|
online_shopping_alphaware
|
The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve al…
|
CWE-89
SQL Injection
|
CVE-2020-25362
|
2024-11-21 14:17 |
2021-06-03 |
|
209600
|
6.5 |
MEDIUM
Network
|
online_examination_system_project
|
online_examination_system
|
Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user.
|
CWE-352
Origin Validation Error
|
CVE-2020-25411
|
2024-11-21 14:17 |
2021-05-24 |