» 2021 » 7월

CVE-2020-36410

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36410

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module.

Source: CVE-2020-36410

CVE-2020-36408

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36408

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.

Source: CVE-2020-36408

CVE-2020-36413

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36413

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module.

Source: CVE-2020-36413

CVE-2020-36397

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-36397

A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.

Source: CVE-2020-36397

CVE-2020-23194

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-23194

A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

Source: CVE-2020-23194

CVE-2020-23179

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-23179

A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.

Source: CVE-2020-23179

CVE-2020-23181

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-23181

A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.

Source: CVE-2020-23181

CVE-2020-23182

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-23182

The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel.

Source: CVE-2020-23182

CVE-2020-23185

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-23185

A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

Source: CVE-2020-23185

CVE-2020-23184

Posted on 2021년 7월 3일2021년 7월 3일 by admin

CVE-2020-23184

A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.

Source: CVE-2020-23184