CVE-2020-18409
Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.
Source: CVE-2020-18409
[월:] 2023년 06월
CVE-2020-18414
CVE-2020-18414
Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset.
Source: CVE-2020-18414
CVE-2020-18404
CVE-2020-18404
An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter.
Source: CVE-2020-18404
CVE-2023-36463
CVE-2023-36463
Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn’t (fully) sanitized after submission. This issue has been addressed in commit `77e04f4af` which is included in the `1.0.0b1.1.2` release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: CVE-2023-36463
CVE-2023-30993
CVE-2023-30993
IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant’s account. IBM X-Force ID: 254136.
Source: CVE-2023-30993
CVE-2020-19902
CVE-2020-19902
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter.
Source: CVE-2020-19902
CVE-2020-18406
CVE-2020-18406
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.
Source: CVE-2020-18406
CVE-2020-18410
CVE-2020-18410
A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges.
Source: CVE-2020-18410
CVE-2020-18413
CVE-2020-18413
Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code.
Source: CVE-2020-18413
CVE-2020-18416
CVE-2020-18416
An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information.
Source: CVE-2020-18416