The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-23310 | There is an Assertion \'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION\' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23309 | There is an Assertion \'context_p->stack_depth == context_p->context_stack_depth\' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23308 | There is an Assertion \'context_p->stack_top_uint8 == LEXER_EXPRESSION_START\' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. | MEDIUM | Jun 11, 2021 | n/a |
| CVE-2020-23306 | There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0. | HIGH | Jun 11, 2021 | n/a |
| CVE-2020-23303 | There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. | HIGH | Jun 11, 2021 | n/a |
| CVE-2020-23302 | There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0 | HIGH | Jun 11, 2021 | n/a |
| CVE-2020-23284 | Information disclosure in aspx pages in MV\'s IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application. | MEDIUM | Jul 21, 2021 | n/a |
| CVE-2020-23283 | Information disclosure in Logon Page in MV\'s mConnect application v02.001.00 allows an attacker to know valid users from the application\'s database via brute force. | MEDIUM | Jul 21, 2021 | n/a |
| CVE-2020-23282 | SQL injection in Logon Page in MV\'s mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information. | MEDIUM | Jul 21, 2021 | n/a |
| CVE-2020-23273 | Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap. | MEDIUM | Sep 22, 2021 | n/a |
| CVE-2020-23269 | An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. | MEDIUM | Sep 22, 2021 | n/a |
| CVE-2020-23267 | An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file | MEDIUM | Sep 22, 2021 | n/a |
| CVE-2020-23266 | An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. | MEDIUM | Sep 22, 2021 | n/a |
| CVE-2020-23264 | Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators. | MEDIUM | May 7, 2021 | n/a |
| CVE-2020-23263 | Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the navigation_title parameter and the title parameter in /private/en/pages/add. | MEDIUM | May 7, 2021 | n/a |
| CVE-2020-23262 | An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. | HIGH | Jan 30, 2021 | n/a |
| CVE-2020-23260 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. | -- | Apr 4, 2023 | n/a |
| CVE-2020-23259 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file. | -- | Apr 4, 2023 | n/a |
| CVE-2020-23258 | An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. | -- | Apr 4, 2023 | n/a |
| CVE-2020-23257 | Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c. | -- | Apr 4, 2023 | n/a |
| CVE-2020-23256 | An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service. | -- | Jan 27, 2023 | n/a |
| CVE-2020-23255 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Nov 7, 2023 | n/a |
| CVE-2020-23250 | GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database. | LOW | Jan 8, 2021 | n/a |
| CVE-2020-23249 | GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext. | MEDIUM | Jan 8, 2021 | n/a |
| CVE-2020-23243 | Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name=wrong_path_redirect feature. | LOW | Jul 30, 2021 | n/a |
| CVE-2020-23242 | Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature. | LOW | Jul 30, 2021 | n/a |
| CVE-2020-23241 | Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in Extra via \'News > Article feature. | LOW | Jul 30, 2021 | n/a |
| CVE-2020-23240 | Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. | LOW | Jul 30, 2021 | n/a |
| CVE-2020-23239 | Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. | LOW | Jul 30, 2021 | n/a |
| CVE-2020-23238 | Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature. | LOW | Jul 30, 2021 | n/a |
| CVE-2020-23234 | Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as ontoggle,. | LOW | Jul 30, 2021 | n/a |
| CVE-2020-23226 | Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | MEDIUM | Aug 28, 2021 | n/a |
| CVE-2020-23219 | Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the Snippet content field under the Edit Snippet module. | MEDIUM | Jul 2, 2021 | n/a |
| CVE-2020-23217 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Add a list field under the Import Emails module. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23214 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Configure categories field under the Categorise Lists module. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23209 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the List Description field under the Edit A List module. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23208 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Send test field under the Start or continue campaign module. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23207 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Edit Values field under the Configure Attributes module. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23205 | A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the Site Name field under the Site Settings module. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23194 | A stored cross site scripting (XSS) vulnerability in the Import Subscribers feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23192 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the admin parameter under the Manage administrators module. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23190 | A stored cross site scripting (XSS) vulnerability in the Import emails module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23185 | A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23184 | A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Registration field. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23182 | The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. | MEDIUM | Jul 2, 2021 | n/a |
| CVE-2020-23181 | A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Manage Theme field. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23179 | A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Site footer field. | LOW | Jul 2, 2021 | n/a |
| CVE-2020-23178 | An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user. | MEDIUM | Jul 2, 2021 | n/a |
| CVE-2020-23172 | A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives. | MEDIUM | Aug 10, 2021 | n/a |
| CVE-2020-23171 | A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. | MEDIUM | Aug 10, 2021 | n/a |
