|
213251
|
6.1 |
MEDIUM
Network
|
dswjcms_project
|
dswjcms
|
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19266
|
2024-11-21 14:09 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213252
|
6.1 |
MEDIUM
Network
|
dswjcms_project
|
dswjcms
|
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19265
|
2024-11-21 14:09 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213253
|
6.5 |
MEDIUM
Network
|
mipcms
|
mipcms
|
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.
|
CWE-352
Origin Validation Error
|
CVE-2020-19264
|
2024-11-21 14:09 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213254
|
8.8 |
HIGH
Network
|
mipcms
|
mipcms
|
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.
|
CWE-352
Origin Validation Error
|
CVE-2020-19263
|
2024-11-21 14:09 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213255
|
6.1 |
MEDIUM
Network
|
qdpm
|
qdpm
|
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19515
|
2024-11-21 14:09 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213256
|
6.1 |
MEDIUM
Network
|
phpwcms
|
phpwcms
|
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19855
|
2024-11-21 14:09 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213257
|
9.8 |
CRITICAL
Network
|
bluecms_project
|
bluecms
|
BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.
|
CWE-89
SQL Injection
|
CVE-2020-19853
|
2024-11-21 14:09 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213258
|
7.5 |
HIGH
Network
|
rtb1_project
|
rtb1
|
A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-19769
|
2024-11-21 14:09 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213259
|
7.5 |
HIGH
Network
|
tokensale_project
|
tokensale
|
A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-19768
|
2024-11-21 14:09 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213260
|
7.5 |
HIGH
Network
|
zeroxracer_project
|
zeroxracer
|
A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script.
|
NVD-CWE-noinfo
|
CVE-2020-19767
|
2024-11-21 14:09 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
