The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-19148 | Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the \'Nickname\' parameter in the component \'/jfinal_cms/front/person/profile.html\'. | LOW | Sep 15, 2021 |
| CVE-2020-19147 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the \'getFolder()\' function in the component \'/modules/filemanager/FileManager.java\'. | MEDIUM | Sep 15, 2021 |
| CVE-2020-19146 | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the \'TemplatePath\' parameter in the component \'jfinal_cms/admin/folder/list\'. | MEDIUM | Sep 15, 2021 |
| CVE-2020-19144 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the \'in _TIFFmemcpy\' funtion in the component \'tif_unix.c\'. | MEDIUM | Sep 10, 2021 |
| CVE-2020-19143 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the TIFFVGetField funtion in the component \'libtiff/tif_dir.c\'. | MEDIUM | Sep 10, 2021 |
| CVE-2020-19142 | iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. | HIGH | Dec 11, 2020 |
| CVE-2020-19138 | Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component /src/main/java/com/dotmarketing/filters/CMSFilter.java. | HIGH | Sep 9, 2021 |
| CVE-2020-19137 | Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component autumn-cms/user/getAllUser/?page=1&limit=10. | MEDIUM | Sep 9, 2021 |
| CVE-2020-19131 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the invertImage() function in the component tiffcrop. | MEDIUM | Sep 10, 2021 |
| CVE-2020-19118 | Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | LOW | Jul 30, 2021 |
| CVE-2020-19114 | SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | HIGH | May 7, 2021 |
| CVE-2020-19113 | Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. | HIGH | May 6, 2021 |
| CVE-2020-19112 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | HIGH | May 7, 2021 |
| CVE-2020-19111 | Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | HIGH | May 6, 2021 |
| CVE-2020-19110 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. | HIGH | May 7, 2021 |
| CVE-2020-19109 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | HIGH | May 7, 2021 |
| CVE-2020-19108 | SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | HIGH | May 7, 2021 |
| CVE-2020-19107 | SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | HIGH | May 7, 2021 |
| CVE-2020-19049 | Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the Description field found in the Add New Forum page by doing an authenticated POST HTTP request to \'/Upload/admin/index.php?module=forum-management&action=add\'. | LOW | Aug 31, 2021 |
| CVE-2020-19048 | Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the Title field found in the Add New Forum page by doing an authenticated POST HTTP request to \'/Upload/admin/index.php?module=forum-management&action=add\'. | LOW | Aug 31, 2021 |
| CVE-2020-19047 | Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component \'/index.php?controller=system&action=admin_edit_act\'. | MEDIUM | Aug 31, 2021 |
| CVE-2020-19046 | Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component \'/admin/tpl.php?page=\'. | LOW | Aug 31, 2021 |
| CVE-2020-19042 | Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. | MEDIUM | Dec 16, 2021 |
| CVE-2020-19038 | File Deletion vulnerability in Halo 0.4.3 via delBackup. | MEDIUM | Jul 15, 2021 |
| CVE-2020-19037 | Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. | MEDIUM | Jul 15, 2021 |
| CVE-2020-19028 | *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | -- | Jun 6, 2023 |
| CVE-2020-19007 | Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user\'s browser. | LOW | Aug 26, 2020 |
| CVE-2020-19005 | zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly. | LOW | Aug 26, 2020 |
| CVE-2020-19003 | An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. | MEDIUM | Oct 6, 2021 |
| CVE-2020-19002 | Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the \'Description\' field of the component \'admin/blog/blogpost/add/\'. This issue is different than CVE-2018-16632. | MEDIUM | Aug 28, 2021 |
| CVE-2020-19001 | Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component \'simiki/blob/master/simiki/config.py\'. | HIGH | Aug 28, 2021 |
| CVE-2020-19000 | Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component \'simiki/blob/master/simiki/generators.py\'. | MEDIUM | Aug 28, 2021 |
| CVE-2020-18999 | Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component \'/admin/submit-articles\'. | MEDIUM | Aug 28, 2021 |
| CVE-2020-18998 | Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component \'/admin/custom/blog-plugin/add\'. | MEDIUM | Aug 28, 2021 |
| CVE-2020-18985 | An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | MEDIUM | Dec 16, 2021 |
| CVE-2020-18984 | A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. | MEDIUM | Dec 16, 2021 |
| CVE-2020-18982 | Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | LOW | Jul 12, 2021 |
| CVE-2020-18980 | Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | HIGH | Jul 14, 2021 |
| CVE-2020-18979 | Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. | MEDIUM | Jul 14, 2021 |
| CVE-2020-18976 | Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the \'do_checksum\' function in \'checksum.c\'. It can be triggered by sending a crafted pcap file to the \'tcpreplay-edit\' binary. This issue is different than CVE-2019-8381. | MEDIUM | Aug 25, 2021 |
| CVE-2020-18974 | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via \'crc64i\' in the component \'nasmlib/crc64\'. This issue is different than CVE-2019-7147. | MEDIUM | Aug 25, 2021 |
| CVE-2020-18972 | Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via \'IsNextToken\' in the component \'src/base/PdfToenizer.cpp\'. | MEDIUM | Aug 25, 2021 |
| CVE-2020-18971 | Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component \'src/base/PdfDictionary.cpp:65\'. | MEDIUM | Aug 25, 2021 |
| CVE-2020-18964 | Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges. | MEDIUM | May 11, 2021 |
| CVE-2020-18917 | The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker\'s control. | MEDIUM | Aug 25, 2021 |
| CVE-2020-18913 | EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information. | MEDIUM | Aug 25, 2021 |
| CVE-2020-18912 | An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php. | -- | Aug 29, 2023 |
| CVE-2020-18900 | A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub | MEDIUM | Aug 20, 2021 |
| CVE-2020-18899 | An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. | MEDIUM | Aug 20, 2021 |
| CVE-2020-18898 | A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | MEDIUM | Aug 20, 2021 |
