Search Results (363049 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-21394 1 Crmeb 1 Crmeb 2024-11-21 8.8 High
SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.
CVE-2020-21387 1 Maccms 1 Maccms 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.
CVE-2020-21386 1 Maccms 1 Maccms 2024-11-21 8.8 High
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.
CVE-2020-21378 1 Seacms 1 Seacms 2024-11-21 9.8 Critical
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.
CVE-2020-21377 1 Yunyecms 1 Yunyecms 2024-11-21 9.8 Critical
SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter.
CVE-2020-21365 2 Debian, Wkhtmltopdf 2 Debian Linux, Wkhtmltopdf 2024-11-21 7.5 High
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.
CVE-2020-21363 1 Maccms 1 Maccms 2024-11-21 6.5 Medium
An arbitrary file deletion vulnerability exists within Maccms10.
CVE-2020-21362 1 Maccms 1 Maccms 2024-11-21 5.4 Medium
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
CVE-2020-21359 1 Maccms 1 Maccms 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification and execute arbitrary code by adding a character to the end of the uploaded file's name.
CVE-2020-21358 1 Wagecms Project 1 Wage-cms 2024-11-21 6.5 Medium
A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users.
CVE-2020-21357 1 Popojicms 1 Popojicms 2024-11-21 6.1 Medium
A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field.
CVE-2020-21356 1 Popojicms 1 Popojicms 2024-11-21 5.3 Medium
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads.
CVE-2020-21353 1 Get-simple 1 Getsimplecms 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Edit Snippets module.
CVE-2020-21345 1 Halo 1 Halo 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
CVE-2020-21342 1 Zzcms 1 Zzcms 2024-11-21 7.5 High
Insecure permissions issue in zzcms 201910 allows resetting any user's password via /one/getpassword.php.
CVE-2020-21333 1 Publiccms 1 Publiccms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case.
CVE-2020-21322 1 Feehi 1 Feehicms 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2020-21321 1 Emlog 1 Emlog 2024-11-21 4.3 Medium
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
CVE-2020-21316 1 Zrlog 1 Zrlog 2024-11-21 6.1 Medium
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and steal administrator cookies via the nickname parameter and gain access to the admin panel.
CVE-2020-21266 1 Broadleafcommerce 1 Broadleaf Commerce 2024-11-21 6.1 Medium
Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.