|
210751
|
5.4 |
MEDIUM
Network
|
sugarcrm
|
sugarcrm
|
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28955
|
2024-11-21 14:23 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210752
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortisandbox
|
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users con…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-29012
|
2024-11-21 14:23 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210753
|
6.5 |
MEDIUM
Network
|
seacms
|
seacms
|
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
|
CWE-352
Origin Validation Error
|
CVE-2020-28846
|
2024-11-21 14:23 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210754
|
8.8 |
HIGH
Network
|
fortinet
|
fortisandbox
|
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execut…
|
CWE-89
SQL Injection
|
CVE-2020-29011
|
2024-11-21 14:23 |
2021-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210755
|
7.8 |
HIGH
Local
|
raonwiz
|
raon_k_editor
|
An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-29157
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210756
|
7.5 |
HIGH
Network
|
wayang-cms_project
|
wayang-cms
|
A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information.
|
CWE-89
SQL Injection
|
CVE-2020-29147
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210757
|
6.1 |
MEDIUM
Network
|
wayang-cms_project
|
wayang-cms
|
A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For fi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29146
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210758
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortisandbox
|
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system…
|
CWE-362
Race Condition
|
CVE-2020-29014
|
2024-11-21 14:23 |
2021-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210759
|
5.4 |
MEDIUM
Network
|
razormist
|
employee_management_system
|
A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29215
|
2024-11-21 14:23 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210760
|
9.8 |
CRITICAL
Network
|
alumni_management_system_project
|
alumni_management_system
|
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.
|
CWE-89
SQL Injection
|
CVE-2020-29214
|
2024-11-21 14:23 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
