| 210201 | 6.1 | MEDIUM Network | wcms | wcms | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. | CWE-79 Cross-site Scripting | CVE-2020-24135 | 2024-11-21 14:14 | 2021-04-8 |
| 210202 | 6.1 | MEDIUM Network | wcms | wcms | Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. | CWE-79 Cross-site Scripting | CVE-2020-24138 | 2024-11-21 14:14 | 2021-04-8 |
| 210203 | 8.6 | HIGH Network | wcms | wcms | Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. | CWE-22 Path Traversal | CVE-2020-24136 | 2024-11-21 14:14 | 2021-04-8 |
| 210204 | 6.1 | MEDIUM Network | episerver | find | An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. | CWE-601 Open Redirect | CVE-2020-24550 | 2024-11-21 14:14 | 2021-04-1 |
| 210205 | 9.8 | CRITICAL Network | mongo-express_project | mongo-express | mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769. | NVD-CWE-noinfo | CVE-2020-24391 | 2024-11-21 14:14 | 2021-03-31 |
| 210206 | 9.8 | CRITICAL Network | portainer | portainer | Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and n… | CWE-863 Incorrect Authorization | CVE-2020-24264 | 2024-11-21 14:14 | 2021-03-17 |
| 210207 | 8.8 | HIGH Network | portainer | portainer | Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical c… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-24263 | 2024-11-21 14:14 | 2021-03-17 |
| 210208 | 8.8 | HIGH Network | thedaylightstudio | fuel_cms | An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2020-23722 | 2024-11-21 14:14 | 2021-03-10 |
| 210209 | 5.4 | MEDIUM Network | thedaylightstudio | fuel_cms | An issue was discovered in FUEL CMS V1.4.7. An attacker can use an XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english. | CWE-79 Cross-site Scripting | CVE-2020-23721 | 2024-11-21 14:14 | 2021-03-10 |
| 210210 | 7.8 | HIGH Local | drweb | security_space | Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate. | CWE-347 Improper Verification of Cryptographic Signature | CVE-2020-23967 | 2024-11-21 14:14 | 2021-03-9 |