CVE-2020-35752
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
Source: CVE-2020-35752
[월:] 2021년 03월
CVE-2021-21491
CVE-2021-21491
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Source: CVE-2021-21491
CVE-2020-5016
CVE-2020-5016
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556.
Source: CVE-2020-5016
CVE-2020-24791
CVE-2020-24791
FUEL CMS 1.4.8 allows SQL injection via the ‘fuel_replace_id’ parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Source: CVE-2020-24791
CVE-2021-3224
CVE-2021-3224
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
Source: CVE-2021-3224
CVE-2020-23721
CVE-2020-23721
An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
Source: CVE-2020-23721
CVE-2020-28705
CVE-2020-28705
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
Source: CVE-2020-28705
CVE-2020-23722
CVE-2020-23722
An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.
Source: CVE-2020-23722
CVE-2021-28007
CVE-2021-28007
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.
Source: CVE-2021-28007
CVE-2021-20673
CVE-2021-20673
Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
Source: CVE-2021-20673