» 2021 » 7월

CVE-2021-32737

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2021-32737

Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.

Source: CVE-2021-32737

CVE-2020-36395

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36395

A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.

Source: CVE-2020-36395

CVE-2020-36399

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36399

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module.

Source: CVE-2020-36399

CVE-2020-36398

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36398

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.

Source: CVE-2020-36398

CVE-2020-36415

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36415

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module.

Source: CVE-2020-36415

CVE-2020-23178

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-23178

An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.

Source: CVE-2020-23178

CVE-2020-36414

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36414

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature.

Source: CVE-2020-36414

CVE-2020-36411

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36411

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module.

Source: CVE-2020-36411

CVE-2020-36412

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36412

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module.

Source: CVE-2020-36412

CVE-2020-36409

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36409

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module.

Source: CVE-2020-36409