|
210811
|
6.1 |
MEDIUM
Network
|
2sic
|
2sxc
|
An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26885
|
2024-11-21 14:20 |
2021-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210812
|
5.4 |
MEDIUM
Network
|
pfsense
|
pfsense
|
A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_moni…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26693
|
2024-11-21 14:20 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210813
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create…
|
CWE-78
OS Command
|
CVE-2020-26670
|
2024-11-21 14:20 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210814
|
5.4 |
MEDIUM
Network
|
bigtreecms
|
bigtree_cms
|
A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26669
|
2024-11-21 14:20 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210815
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via…
|
CWE-89
SQL Injection
|
CVE-2020-26668
|
2024-11-21 14:20 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210816
|
6.1 |
MEDIUM
Network
|
seacms
|
seacms
|
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2020-26642
|
2024-11-21 14:20 |
2021-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210817
|
8.8 |
HIGH
Network
|
idreamsoft
|
icms
|
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
|
CWE-352
Origin Validation Error
|
CVE-2020-26641
|
2024-11-21 14:20 |
2021-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210818
|
5.4 |
MEDIUM
Network
|
vfairs
|
vfairs
|
In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the databas…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26680
|
2024-11-21 14:20 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210819
|
4.3 |
MEDIUM
Network
|
vfairs
|
vfairs
|
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user'…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-26679
|
2024-11-21 14:20 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210820
|
8.8 |
HIGH
Network
|
vfairs
|
vfairs
|
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP f…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26678
|
2024-11-21 14:20 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
