CVE-2020-23219 (monstra_cms)
Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. Devamını Oku
Devamını oku
CVE-2021-26920
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users…
CVE-2021-27412
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. Devamını Oku
CVE-2021-27455
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. Devamını Oku
CVE-2021-23402
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. Devamını Oku
CVE-2021-23402 (record-like-deep-assign)
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. Devamını Oku
CVE-2021-23403
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. Devamını Oku
CVE-2021-23403 (ts-nodash)
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. Devamını Oku
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user. Devamını Oku
CVE-2020-23179
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field. Devamını Oku
CVE-2020-23181
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field. Devamını Oku
CVE-2020-23182
The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. Devamını Oku