|
208631
|
5.4 |
MEDIUM
Network
|
perfexcrm
|
perfex_crm
|
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28961
|
2024-11-21 14:23 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208632
|
9.8 |
CRITICAL
Network
|
cct95
|
chichen_tech_cms
|
Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.
|
CWE-89
SQL Injection
|
CVE-2020-28960
|
2024-11-21 14:23 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208633
|
5.4 |
MEDIUM
Network
|
froxlor
|
froxlor
|
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28957
|
2024-11-21 14:23 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208634
|
5.4 |
MEDIUM
Network
|
sugarcrm
|
sugarcrm
|
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary add…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28956
|
2024-11-21 14:23 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208635
|
5.4 |
MEDIUM
Network
|
sugarcrm
|
sugarcrm
|
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28955
|
2024-11-21 14:23 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208636
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortisandbox
|
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users con…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-29012
|
2024-11-21 14:23 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208637
|
6.5 |
MEDIUM
Network
|
seacms
|
seacms
|
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
|
CWE-352
Origin Validation Error
|
CVE-2020-28846
|
2024-11-21 14:23 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208638
|
8.8 |
HIGH
Network
|
fortinet
|
fortisandbox
|
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execut…
|
CWE-89
SQL Injection
|
CVE-2020-29011
|
2024-11-21 14:23 |
2021-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208639
|
7.8 |
HIGH
Local
|
raonwiz
|
raon_k_editor
|
An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-29157
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208640
|
7.5 |
HIGH
Network
|
wayang-cms_project
|
wayang-cms
|
A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information.
|
CWE-89
SQL Injection
|
CVE-2020-29147
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
