The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-23718 | Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php. | MEDIUM | Nov 3, 2021 |
| CVE-2020-23715 | Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. | MEDIUM | Jul 2, 2021 |
| CVE-2020-23711 | SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. | HIGH | Jul 1, 2021 |
| CVE-2020-23710 | Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature. | LOW | Jun 29, 2021 |
| CVE-2020-23707 | A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | MEDIUM | Jul 16, 2021 |
| CVE-2020-23706 | A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | MEDIUM | Jul 16, 2021 |
| CVE-2020-23705 | A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | MEDIUM | Jul 16, 2021 |
| CVE-2020-23702 | Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via \'New Shout\' in /infusions/shoutbox_panel/shoutbox_admin.php. | LOW | Jul 7, 2021 |
| CVE-2020-23700 | Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. | LOW | Jul 7, 2021 |
| CVE-2020-23697 | Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. | LOW | Jul 8, 2021 |
| CVE-2020-23691 | YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php. | HIGH | May 14, 2021 |
| CVE-2020-23689 | In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page. | LOW | May 14, 2021 |
| CVE-2020-23686 | Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. | MEDIUM | Nov 2, 2021 |
| CVE-2020-23685 | SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php. | HIGH | Nov 3, 2021 |
| CVE-2020-23680 | An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts. | MEDIUM | Nov 5, 2021 |
| CVE-2020-23679 | Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field. | HIGH | Nov 5, 2021 |
| CVE-2020-23660 | webTareas v2.1 is affected by Cross Site Scripting (XSS) on Search. | LOW | Aug 28, 2020 |
| CVE-2020-23659 | WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the connections feature. | LOW | Aug 28, 2020 |
| CVE-2020-23658 | PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. | LOW | Aug 26, 2020 |
| CVE-2020-23657 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module Configuration. | LOW | Aug 26, 2020 |
| CVE-2020-23656 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module Content. | LOW | Aug 26, 2020 |
| CVE-2020-23655 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module Configuration. | LOW | Aug 26, 2020 |
| CVE-2020-23654 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module Shop. | LOW | Aug 26, 2020 |
| CVE-2020-23653 | An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | HIGH | Jan 13, 2021 |
| CVE-2020-23648 | Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication. | -- | Oct 19, 2022 |
| CVE-2020-23647 | Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | -- | Apr 28, 2023 |
| CVE-2020-23644 | XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | MEDIUM | Jan 13, 2021 |
| CVE-2020-23643 | XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | MEDIUM | Jan 13, 2021 |
| CVE-2020-23639 | A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa\'s VPort 461 Series Industrial Video Servers. | HIGH | Nov 3, 2020 |
| CVE-2020-23631 | Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter. | MEDIUM | Jan 13, 2021 |
| CVE-2020-23630 | A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). | MEDIUM | Jan 14, 2021 |
| CVE-2020-23622 | An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header | -- | Aug 16, 2022 |
| CVE-2020-23621 | The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | HIGH | May 3, 2022 |
| CVE-2020-23620 | The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | HIGH | May 3, 2022 |
| CVE-2020-23618 | A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page. | MEDIUM | May 3, 2022 |
| CVE-2020-23617 | A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. | MEDIUM | May 3, 2022 |
| CVE-2020-23595 | Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. | -- | Aug 11, 2023 |
| CVE-2020-23593 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through \' /mgm_log_cfg.asp.\' The system starts to log events, \'Remote\' mode or \'Both\' mode on Syslog -- Configuration page logs events and sends to remote syslog server IP and Port. | -- | Nov 23, 2022 |
| CVE-2020-23592 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through \' /mgm_dev_reset.asp.\' Resetting to default leads to Escalation of Privileges by logging-in with default credentials. | -- | Nov 23, 2022 |
| CVE-2020-23591 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through /mgm_dev_upgrade.asp which can delete every file for Denial of Service (using \'rm -rf *.*\' in the code), reverse connection (using \'.asp\' webshell), backdoor. | -- | Nov 23, 2022 |
| CVE-2020-23590 | A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for WLAN SSID through wlwpa.asp. | -- | Nov 23, 2022 |
| CVE-2020-23589 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through /mgm_dev_reboot.asp. | -- | Nov 23, 2022 |
| CVE-2020-23588 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Enable or Disable Ports and to Change port number through /rmtacc.asp . | -- | Nov 23, 2022 |
| CVE-2020-23587 | A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes in RoutingConfiguration on /routing.asp . | -- | Nov 23, 2022 |
| CVE-2020-23586 | A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule. | -- | Nov 23, 2022 |
| CVE-2020-23585 | A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the mgm_config_file.asp because of which attacker can create a crafted csrf form which sends malicious xml data to /boaform/admin/formMgmConfigUpload. the exploit allows attacker to gain full privileges and to fully compromise of router & network. | -- | Nov 23, 2022 |
| CVE-2020-23584 | Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using | to execute commands on /diag_tracert_admin.asp in the PingTest parameter that leads to command execution. | -- | Nov 23, 2022 |
| CVE-2020-23583 | OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on /diag_ping_admin.asp to PingTest interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system. | -- | Nov 23, 2022 |
| CVE-2020-23582 | A vulnerability in the /admin/wlmultipleap.asp of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID. | -- | Nov 23, 2022 |
| CVE-2020-23580 | Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board. | HIGH | Jul 8, 2021 |
