Kategori: Güvenlik Açıkları

CVE-2020-23044

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum`…

Devamını oku

CVE-2020-23045

Macrob7 Macs Framework Content Management System – 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser`…

Devamını oku

CVE-2020-23046

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. Devamını…

Devamını oku

CVE-2020-23047

Macrob7 Macs Framework Content Management System – 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search…

Devamını oku

CVE-2020-23048

SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. Devamını Oku

Devamını oku

CVE-2020-23049

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or…

Devamını oku

CVE-2020-23050

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field.…

Devamını oku

CVE-2020-23051

Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of…

Devamını oku

CVE-2020-23052

Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description…

Devamını oku

CVE-2020-23054

A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted…

Devamını oku