The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-23371 | Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter. | MEDIUM | May 13, 2021 | n/a |
| CVE-2020-23370 | In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML. | LOW | May 13, 2021 | n/a |
| CVE-2020-23369 | In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3. | MEDIUM | May 13, 2021 | n/a |
| CVE-2020-23363 | Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script. | -- | May 9, 2023 | n/a |
| CVE-2020-23362 | Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. | -- | May 9, 2023 | n/a |
| CVE-2020-23361 | phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | HIGH | Jan 27, 2021 | n/a |
| CVE-2020-23360 | oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | HIGH | Jan 27, 2021 | n/a |
| CVE-2020-23359 | WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. | HIGH | Jan 27, 2021 | n/a |
| CVE-2020-23356 | dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | MEDIUM | Jan 27, 2021 | n/a |
| CVE-2020-23355 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate. | MEDIUM | Jan 27, 2021 | n/a |
| CVE-2020-23352 | Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values. | MEDIUM | Jan 27, 2021 | n/a |
| CVE-2020-23349 | An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | MEDIUM | Apr 5, 2022 | n/a |
| CVE-2020-23342 | A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. | MEDIUM | Jan 22, 2021 | n/a |
| CVE-2020-23341 | A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | MEDIUM | Aug 18, 2021 | n/a |
| CVE-2020-23334 | A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault. | MEDIUM | Aug 18, 2021 | n/a |
| CVE-2020-23333 | A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS). | MEDIUM | Aug 18, 2021 | n/a |
| CVE-2020-23332 | A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS). | MEDIUM | Aug 18, 2021 | n/a |
| CVE-2020-23331 | An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DescriptorListWriter::Action component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS). | MEDIUM | Aug 20, 2021 | n/a |
| CVE-2020-23330 | An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS). | MEDIUM | Aug 18, 2021 | n/a |
| CVE-2020-23327 | Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model. | -- | Apr 4, 2023 | n/a |
| CVE-2020-23323 | There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0. | HIGH | Jun 11, 2021 | n/a |
| CVE-2020-23322 | There is an Assertion in \'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA\' in parser_parse_object_initializer in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23321 | There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0. | HIGH | Jun 11, 2021 | n/a |
| CVE-2020-23320 | There is an Assertion in \'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION\' in parser_parse_function_arguments in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23319 | There is an Assertion in \'(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth\' in parser_emit_cbc_backward_branch in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23315 | There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta. | MEDIUM | Jan 20, 2022 | n/a |
| CVE-2020-23314 | There is an Assertion \'block_found\' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23313 | There is an Assertion \'scope_stack_p > context_p->scope_stack_p\' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0 | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23312 | There is an Assertion \'context.status_flags & PARSER_SCANNING_SUCCESSFUL\' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23311 | There is an Assertion \'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA\' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23310 | There is an Assertion \'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION\' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23309 | There is an Assertion \'context_p->stack_depth == context_p->context_stack_depth\' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23308 | There is an Assertion \'context_p->stack_top_uint8 == LEXER_EXPRESSION_START\' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23306 | There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0. | HIGH | Jun 11, 2021 | n/a |
| CVE-2020-23303 | There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. | HIGH | Jun 11, 2021 | n/a |
| CVE-2020-23302 | There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0 | HIGH | Jun 11, 2021 | n/a |
| CVE-2020-23284 | Information disclosure in aspx pages in MV\'s IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application. | MEDIUM | Jul 21, 2021 | n/a |
| CVE-2020-23283 | Information disclosure in Logon Page in MV\'s mConnect application v02.001.00 allows an attacker to know valid users from the application\'s database via brute force. | MEDIUM | Jul 21, 2021 | n/a |
| CVE-2020-23282 | SQL injection in Logon Page in MV\'s mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information. | MEDIUM | Jul 21, 2021 | n/a |
| CVE-2020-23273 | Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap. | MEDIUM | Sep 22, 2021 | n/a |
| CVE-2020-23269 | An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. | MEDIUM | Sep 22, 2021 | n/a |
| CVE-2020-23267 | An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file | MEDIUM | Sep 22, 2021 | n/a |
| CVE-2020-23266 | An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. | MEDIUM | Sep 22, 2021 | n/a |
| CVE-2020-23264 | Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators. | MEDIUM | May 7, 2021 | n/a |
| CVE-2020-23263 | Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the navigation_title parameter and the title parameter in /private/en/pages/add. | MEDIUM | May 7, 2021 | n/a |
| CVE-2020-23262 | An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. | HIGH | Jan 30, 2021 | n/a |
| CVE-2020-23260 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. | -- | Apr 4, 2023 | n/a |
| CVE-2020-23259 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file. | -- | Apr 4, 2023 | n/a |
| CVE-2020-23258 | An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. | -- | Apr 4, 2023 | n/a |
| CVE-2020-23257 | Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c. | -- | Apr 4, 2023 | n/a |
