|
211001
|
5.4 |
MEDIUM
Network
|
akaunting
|
akaunting
|
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name…
|
CWE-79
Cross-site Scripting
|
CVE-2020-20908
|
2024-11-21 14:12 |
2021-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211002
|
5.4 |
MEDIUM
Network
|
jeecms
|
jeecms_x
|
JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21729
|
2024-11-21 14:12 |
2021-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211003
|
9.8 |
CRITICAL
Network
|
opensns
|
opensns
|
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.
|
CWE-89
SQL Injection
|
CVE-2020-21726
|
2024-11-21 14:12 |
2021-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211004
|
9.8 |
CRITICAL
Network
|
opensns
|
opensns
|
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter.
|
CWE-89
SQL Injection
|
CVE-2020-21725
|
2024-11-21 14:12 |
2021-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211005
|
9.8 |
CRITICAL
Network
|
thinkphp50-cms_project
|
thinkphp50-cms
|
ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha.
|
NVD-CWE-noinfo
|
CVE-2020-21865
|
2024-11-21 14:12 |
2021-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211006
|
6.5 |
MEDIUM
Network
|
wdja
|
wdja_cms
|
A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.
|
CWE-352
Origin Validation Error
|
CVE-2020-21658
|
2024-11-21 14:12 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211007
|
5.4 |
MEDIUM
Network
|
xyhcms
|
xyhcms
|
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21656
|
2024-11-21 14:12 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211008
|
7.2 |
HIGH
Network
|
emlog
|
emlog
|
emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file.
|
NVD-CWE-noinfo
|
CVE-2020-21654
|
2024-11-21 14:12 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211009
|
9.1 |
CRITICAL
Network
|
myucms_project
|
myucms
|
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-21653
|
2024-11-21 14:12 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211010
|
9.8 |
CRITICAL
Network
|
myucms_project
|
myucms
|
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method.
|
CWE-94
Code Injection
|
CVE-2020-21652
|
2024-11-21 14:12 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
