CVE-2020-20426 (s-cms)
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. Devamını Oku
Devamını oku
CVE-2020-20593
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. Devamını Oku
CVE-2020-20595 (opms)
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. Devamını Oku
CVE-2020-20597 (lemon)
A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in webPortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. Devamını Oku
CVE-2020-20598 (lemon)
A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. Devamını Oku
CVE-2020-20600 (metinfo)
MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn. Devamını Oku
CVE-2020-20601
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. Devamını Oku
CVE-2020-20605 (personal_blog_cms)
Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component. Devamını Oku
CVE-2021-21880
A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku
CVE-2021-21881
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku
CVE-2021-21882
An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku
CVE-2021-21883
An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku