The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2020-18268 | Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the redirect parameter in the component zb_system/cmd.php. | MEDIUM | Jun 7, 2021 |
CVE-2020-18280 | Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function. | -- | May 9, 2023 |
CVE-2020-18282 | Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature. | -- | May 11, 2023 |
CVE-2020-18324 | Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. | MEDIUM | Mar 4, 2022 |
CVE-2020-18325 | Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. | MEDIUM | Mar 4, 2022 |
CVE-2020-18326 | Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. | MEDIUM | Mar 4, 2022 |
CVE-2020-18327 | Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 | MEDIUM | Mar 4, 2022 |
CVE-2020-18329 | An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface. | -- | Jan 27, 2023 |
CVE-2020-18330 | An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), allows attackers to gain access to the configuration interface. | -- | Jan 27, 2023 |
CVE-2020-18331 | Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc. | -- | Jan 27, 2023 |
CVE-2020-18336 | Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | -- | Oct 10, 2023 |
CVE-2020-18378 | A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | -- | Aug 22, 2023 |
CVE-2020-18382 | Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. | -- | Aug 22, 2023 |
CVE-2020-18392 | Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | MEDIUM | May 28, 2021 |
CVE-2020-18395 | A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. | MEDIUM | May 28, 2021 |
CVE-2020-18404 | An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter. | -- | Jun 27, 2023 |
CVE-2020-18406 | An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | -- | Jun 27, 2023 |
CVE-2020-18409 | Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html. | -- | Jun 27, 2023 |
CVE-2020-18410 | A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges. | -- | Jun 27, 2023 |
CVE-2020-18413 | Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code. | -- | Jun 27, 2023 |
CVE-2020-18414 | Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset. | -- | Jun 27, 2023 |
CVE-2020-18416 | An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information. | -- | Jun 27, 2023 |
CVE-2020-18418 | A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | -- | Jun 27, 2023 |
CVE-2020-18428 | tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS). | MEDIUM | Jul 27, 2021 |
CVE-2020-18430 | tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS). | MEDIUM | Jul 27, 2021 |
CVE-2020-18432 | File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. | -- | Jun 30, 2023 |
CVE-2020-18438 | Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | MEDIUM | Nov 3, 2021 |
CVE-2020-18439 | An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | MEDIUM | Nov 3, 2021 |
CVE-2020-18440 | Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. | HIGH | Nov 3, 2021 |
CVE-2020-18442 | Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value zzip_file_read in the function unzzip_cat_file. | MEDIUM | Jun 20, 2021 |
CVE-2020-18445 | Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. | MEDIUM | Aug 13, 2021 |
CVE-2020-18446 | Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php. | LOW | Aug 13, 2021 |
CVE-2020-18449 | Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php | LOW | Aug 13, 2021 |
CVE-2020-18451 | Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. | LOW | Aug 13, 2021 |
CVE-2020-18454 | Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. | MEDIUM | Aug 12, 2021 |
CVE-2020-18455 | Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php. | LOW | Aug 12, 2021 |
CVE-2020-18456 | Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. | LOW | Aug 12, 2021 |
CVE-2020-18457 | Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. | MEDIUM | Aug 12, 2021 |
CVE-2020-18458 | Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | MEDIUM | Aug 12, 2021 |
CVE-2020-18460 | Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. | MEDIUM | Aug 12, 2021 |
CVE-2020-18462 | File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. | MEDIUM | Aug 12, 2021 |
CVE-2020-18463 | Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message. | LOW | Aug 12, 2021 |
CVE-2020-18464 | Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. | LOW | Aug 12, 2021 |
CVE-2020-18467 | Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create. | LOW | Aug 27, 2021 |
CVE-2020-18468 | Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration. | LOW | Aug 27, 2021 |
CVE-2020-18469 | Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application. | LOW | Aug 27, 2021 |
CVE-2020-18470 | Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php. | LOW | Aug 27, 2021 |
CVE-2020-18475 | Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed. | LOW | Aug 27, 2021 |
CVE-2020-18476 | SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. | MEDIUM | Aug 27, 2021 |
CVE-2020-18477 | SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. | MEDIUM | Aug 27, 2021 |