| 211451 | 6.1 | MEDIUM Network | livehelperchat | live_helper_chat | Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. | CWE-79 Cross-site Scripting | CVE-2020-26135 | 2024-11-21 14:19 | 2020-10-2 |
| 211452 | 6.1 | MEDIUM Network | livehelperchat | live_helper_chat | Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. | CWE-79 Cross-site Scripting | CVE-2020-26134 | 2024-11-21 14:19 | 2020-10-2 |
| 211453 | 8.8 | HIGH Network | openmediavault | openmediavault | openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databas… | CWE-94 Code Injection | CVE-2020-26124 | 2024-11-21 14:19 | 2020-10-2 |
| 211454 | 5.5 | MEDIUM Local | artifex debian fedoraproject | mupdf debian_linux fedora | Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. | CWE-787 Out-of-bounds Write | CVE-2020-26519 | 2024-11-21 14:19 | 2020-10-2 |
| 211455 | 9.8 | CRITICAL Network | artica | pandora_fms | Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | CWE-89 SQL Injection | CVE-2020-26518 | 2024-11-21 14:19 | 2020-10-2 |
| 211456 | 7.5 | HIGH Network | wpo365 | wordpress_\+_azure_ad_\/_microsoft_office_365 | The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass. | CWE-287 Improper Authentication | CVE-2020-26511 | 2024-11-21 14:19 | 2020-10-2 |
| 211457 | 9.8 | CRITICAL Network | websitebaker | websitebaker | WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access … | CWE-89 SQL Injection | CVE-2020-25990 | 2024-11-21 14:19 | 2020-10-1 |
| 211458 | 8.8 | HIGH Network | bigbluebutton | greenlight | BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. | NVD-CWE-Other | CVE-2020-26163 | 2024-11-21 14:19 | 2020-10-1 |
| 211459 | 7.5 | HIGH Network | jwt-go_project | jwt-go | jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fai… | CWE-287 Improper Authentication; CWE-755 Improper Handling of Exceptional Conditions | CVE-2020-26160 | 2024-11-21 14:19 | 2020-10-1 |
| 211460 | 9.6 | CRITICAL Network | leanote | leanote | Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. | CWE-79 Cross-site Scripting | CVE-2020-26158 | 2024-11-21 14:19 | 2020-10-1 |