CVE-2020-19156
Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the ‘Title’ parameter of the ‘Add New Connections’ component when the ‘save()’ function is called.
Source: CVE-2020-19156
[월:] 2021년 09월
CVE-2020-19154
CVE-2020-19154
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the ‘FileManager.editFile()’ function in the component ‘modules/filemanager/FileManagerController.java’.
Source: CVE-2020-19154
CVE-2020-19158
CVE-2020-19158
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the ‘Site Title’ parameter of the component ‘/data/admin/#/app/config/’.
Source: CVE-2020-19158
CVE-2020-19157
CVE-2020-19157
Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the ‘Intro’ parameter for the component ‘/index.php?m=ucenter&a=index’.
Source: CVE-2020-19157
CVE-2021-21798
CVE-2021-21798
An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.
Source: CVE-2021-21798
CVE-2020-19159
CVE-2020-19159
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component ‘/index.php?module=member&action=add’.
Source: CVE-2020-19159
CVE-2021-38156
CVE-2021-38156
In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.
Source: CVE-2021-38156
CVE-2021-39189
CVE-2021-39189
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
Source: CVE-2021-39189
CVE-2020-19155
CVE-2020-19155
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the ‘FileManager.rename()’ function in the component ‘modules/filemanager/FileManagerController.java’.
Source: CVE-2020-19155
CVE-2020-19147
CVE-2020-19147
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the ‘getFolder()’ function in the component ‘/modules/filemanager/FileManager.java’.
Source: CVE-2020-19147