|
210871
|
7.5 |
HIGH
Network
|
snap7_project
|
snap7
|
The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashe…
|
NVD-CWE-noinfo
|
CVE-2020-22552
|
2024-11-21 14:13 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210872
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22842
|
2024-11-21 14:13 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210873
|
6.1 |
MEDIUM
Network
|
hack
|
hfish
|
An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22481
|
2024-11-21 14:13 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210874
|
6.1 |
MEDIUM
Network
|
untis
|
webuntis
|
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22453
|
2024-11-21 14:13 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210875
|
5.3 |
MEDIUM
Network
|
verint
|
workforce_optimization
|
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-23446
|
2024-11-21 14:13 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210876
|
9.8 |
CRITICAL
Network
|
vr_cam
|
p1_firmware
|
VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-23512
|
2024-11-21 14:13 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210877
|
8.8 |
HIGH
Network
|
spiceworks
|
spiceworks
|
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
|
CWE-352
Origin Validation Error
|
CVE-2020-23451
|
2024-11-21 14:13 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210878
|
6.1 |
MEDIUM
Network
|
mediakind
|
rx8200_firmware
|
MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-22158
|
2024-11-21 14:13 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210879
|
5.4 |
MEDIUM
Network
|
spiceworks
|
spiceworks
|
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitiz…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23450
|
2024-11-21 14:13 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210880
|
5.4 |
MEDIUM
Network
|
laborator
|
neon
|
Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23576
|
2024-11-21 14:13 |
2020-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
