|
210231
|
6.1 |
MEDIUM
Network
|
liferay
|
liferay_portal
|
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25476
|
2024-11-21 14:18 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210232
|
4.8 |
MEDIUM
Network
|
beetel
|
777vr1_firmware
|
Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25498
|
2024-11-21 14:18 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210233
|
5.4 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be …
|
CWE-79
Cross-site Scripting
|
CVE-2020-25799
|
2024-11-21 14:18 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210234
|
5.4 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25797
|
2024-11-21 14:18 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210235
|
7.5 |
HIGH
Network
|
hgiga
|
msr45_isherlock-user
ssr45_isherlock-user
|
The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.
|
NVD-CWE-noinfo
|
CVE-2020-25850
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210236
|
9.8 |
CRITICAL
Network
|
hgiga
|
ssr45_isherlock-useradmin
ssr45_isherlock-user
ssr45_isherlock-base
ssr45_isherlock-audit
ssr45_isherlock-antispam
msr45_isherlock-antispam
msr45_isherlock-audit
msr45_isherlock-…
|
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.
|
CWE-287
Improper Authentication
|
CVE-2020-25848
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210237
|
7.4 |
HIGH
Network
|
panorama_project
|
nhiservisignadapter
|
The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user…
|
CWE-601
Open Redirect
|
CVE-2020-25846
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210238
|
7.4 |
HIGH
Network
|
panorama_project
|
nhiservisignadapter
|
Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
|
CWE-601
Open Redirect
|
CVE-2020-25845
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210239
|
9.8 |
CRITICAL
Network
|
panorama
|
nhiservisignadapter
|
The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-25844
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210240
|
9.8 |
CRITICAL
Network
|
panorama
|
nhiservisignadapter
|
NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-25843
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
