🚨 CVE-2020-20584
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
🎖@cveNotify
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
🎖@cveNotify
🚨 CVE-2020-20585
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
🎖@cveNotify
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
🎖@cveNotify
🚨 CVE-2020-20586
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
🎖@cveNotify
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
🎖@cveNotify
Baidu
百度网盘 请输入提取码
百度网盘为您提供文件的网络备份、同步和分享服务。空间大、速度快、安全稳固,支持教育网加速,支持手机端。注册使用百度网盘即可享受免费存储空间
🚨 CVE-2020-20363
Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.
🎖@cveNotify
Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.
🎖@cveNotify
🚨 CVE-2020-20345
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.
🎖@cveNotify
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.
🎖@cveNotify
GitHub
GitHub - taosir/wtcms: 基于thinkphp的内容管理系统,可快速搭建个人博客、公司学校官网、新闻类站点。
基于thinkphp的内容管理系统,可快速搭建个人博客、公司学校官网、新闻类站点。. Contribute to taosir/wtcms development by creating an account on GitHub.
🚨 CVE-2020-21468
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7.
🎖@cveNotify
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7.
🎖@cveNotify
🚨 CVE-2020-21228
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
🎖@cveNotify
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
🎖@cveNotify
GitHub
GitHub - Cherry-toto/jizhicms: 极致CMS(以下简称:JIZHICMS)是一款开源免费,无商业授权的建站系统。
极致CMS(以下简称:JIZHICMS)是一款开源免费,无商业授权的建站系统。. Contribute to Cherry-toto/jizhicms development by creating an account on GitHub.
🚨 CVE-2020-19961
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
🎖@cveNotify
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
🎖@cveNotify
GitHub
GitHub - forget-code/zzcms: zzcms,站长招商网cms,适用于招商代理型的行业网站,可用于医药招商网站程序源码,服装招商网站程序源码,化妆品招商网站的程序源码等。目前forget-code项目缓存了v7.0~2019的版本…
zzcms,站长招商网cms,适用于招商代理型的行业网站,可用于医药招商网站程序源码,服装招商网站程序源码,化妆品招商网站的程序源码等。目前forget-code项目缓存了v7.0~2019的版本,官网最新版下载地址:http://www.zzcms.net/about/6.htm - forget-code/zzcms
🚨 CVE-2020-19964
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
🎖@cveNotify
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
🎖@cveNotify
GitHub
GitHub - gaozhifeng/PHPMyWind: PHPMyWind是一个品牌,一款基于PHP+MySQL开发符合W3C标准的建站引擎 © 2010 - 2017
PHPMyWind是一个品牌,一款基于PHP+MySQL开发符合W3C标准的建站引擎 © 2010 - 2017 - gaozhifeng/PHPMyWind
🚨 CVE-2020-23546
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981.
🎖@cveNotify
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981.
🎖@cveNotify
GitHub
Research/README.md at main · nhiephon/Research
Contribute to nhiephon/Research development by creating an account on GitHub.
🚨 CVE-2020-25912
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).
🎖@cveNotify
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).
🎖@cveNotify
GitHub
XXE Vulnerability · Issue #2924 · symphonycms/symphonycms
https://github.com/symphonycms/symphonycms/blob/master/symphony/lib/toolkit/class.xmlelement.php public static function convertFromXMLString($root_element, $xml) { $doc = new DOMDocument('1.0&#...
🚨 CVE-2020-25366
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
🎖@cveNotify
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
🎖@cveNotify
GitHub
iot/dir823g_upfw_dos.md at master · sek1th/iot
Contribute to sek1th/iot development by creating an account on GitHub.
🚨 CVE-2020-25368
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
🎖@cveNotify
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
🎖@cveNotify
GitHub
iot/dir-823g_2.md at master · sek1th/iot
Contribute to sek1th/iot development by creating an account on GitHub.
🚨 CVE-2020-19611
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
🎖@cveNotify
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
🎖@cveNotify
GitHub
fix an XSS issue in an error message · RackTables/racktables@2ce35ad
The issue was reported by Diego Di Nardo.
🚨 CVE-2018-10228
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
🎖@cveNotify
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
🎖@cveNotify
GitHub
LimeSurvey/application/controllers/admin/themes.php at d0e0c94042fdb5119c9247dc2d57685334492e71 · LimeSurvey/LimeSurvey
🔥 LimeSurvey – A powerful, open-source survey platform. A free alternative to SurveyMonkey, Typeform, Qualtrics, and Google Forms, making it simple to create online surveys and forms with unmatched...
🚨 CVE-2020-20425
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
🎖@cveNotify
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
🎖@cveNotify
GitHub
s-cms Government station building system exists XSS · Issue #1 · Str1am/vulnerability
打开首页 点击政府建站系统得预览,进入预览网站 其中搜索功能处存在xss,过滤了on事件,但是使用payload:"><svg/onload=alert(1)>成功弹窗
🚨 CVE-2020-20426
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
🎖@cveNotify
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
🎖@cveNotify
GitHub
s-cms Multiple XSS exist in / function / booksave.php in Government station building system · Issue #2 · Str1am/vulnerability
in / function / booksave.php, 只是简单得过滤了script,iframe,等标签,可以进行绕过 payload:http://127.0.0.1/CMS/scms//function/booksave.php POST:G_title="><svg/onload=alert(1)>&G_mail=heelo@qq.com&am...
🚨 CVE-2020-18324
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
🎖@cveNotify
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
🎖@cveNotify
GitHub
GitHub - hamm0nz/CVE-2020-18324: Exploit PoC for CVE-2020-18324
Exploit PoC for CVE-2020-18324. Contribute to hamm0nz/CVE-2020-18324 development by creating an account on GitHub.
🚨 CVE-2020-18325
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
🎖@cveNotify
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
🎖@cveNotify
GitHub
GitHub - hamm0nz/CVE-2020-18325: Exploit PoC for CVE-2020-18325
Exploit PoC for CVE-2020-18325. Contribute to hamm0nz/CVE-2020-18325 development by creating an account on GitHub.
🚨 CVE-2020-18326
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
🎖@cveNotify
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
🎖@cveNotify
GitHub
GitHub - hamm0nz/CVE-2020-18326: Exploit PoC for CVE-2020-18326
Exploit PoC for CVE-2020-18326. Contribute to hamm0nz/CVE-2020-18326 development by creating an account on GitHub.
🚨 CVE-2022-26597
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
🎖@cveNotify
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
🎖@cveNotify