|
210881
|
9.8 |
CRITICAL
Network
|
phplist
|
phplist
|
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-22249
|
2024-11-21 14:13 |
2021-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210882
|
5.4 |
MEDIUM
Network
|
phplist
|
phplist
|
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted …
|
CWE-79
Cross-site Scripting
|
CVE-2020-23194
|
2024-11-21 14:13 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210883
|
5.4 |
MEDIUM
Network
|
phplist
|
phplist
|
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter und…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23192
|
2024-11-21 14:13 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210884
|
5.4 |
MEDIUM
Network
|
phplist
|
phplist
|
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23190
|
2024-11-21 14:13 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210885
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted p…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23185
|
2024-11-21 14:13 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210886
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a craf…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23184
|
2024-11-21 14:13 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210887
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Sh…
|
CWE-601
Open Redirect
|
CVE-2020-23182
|
2024-11-21 14:13 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210888
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload e…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23181
|
2024-11-21 14:13 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210889
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted paylo…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23179
|
2024-11-21 14:13 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210890
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-23178
|
2024-11-21 14:13 |
2021-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
