» 2021 » 7월

CVE-2020-35985

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2020-35985

A stored cross site scripting (XSS) vulnerability in the ‘Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Name’ parameter.

Source: CVE-2020-35985

CVE-2020-25878

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2020-25878

A stored cross site scripting (XSS) vulnerability in the ‘Admin-Tools’ feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the ‘Output Filters’ and ‘Droplets’ modules.

Source: CVE-2020-25878

CVE-2020-25879

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2020-25879

A stored cross site scripting (XSS) vulnerability in the ‘Manage Users’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Username’ parameter.

Source: CVE-2020-25879

CVE-2020-25876

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2020-25876

A stored cross site scripting (XSS) vulnerability in the ‘Pages’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the ‘Page Title’ parameter.

Source: CVE-2020-25876

CVE-2021-35361

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2021-35361

A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.

Source: CVE-2021-35361

CVE-2020-25394

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2020-25394

A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter.

Source: CVE-2020-25394

CVE-2020-25392

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2020-25392

A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘New Article’ field under the ‘Article’ plugin.

Source: CVE-2020-25392

CVE-2020-25391

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2020-25391

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘New Pages’ field under the ‘Pages Content’ module.

Source: CVE-2020-25391

CVE-2021-36371

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2021-36371

Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend.

Source: CVE-2021-36371

CVE-2021-36367

Posted on 2021년 7월 10일2021년 7월 10일 by admin

CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).

Source: CVE-2021-36367