CVE-2020-13485
https://notcve.org/view.php?id=CVE-2020-13485
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
• https://github.com/verbb/knock-knock/blob/craft-3/CHANGELOG.md
• https://limpidsecurity.pl/security-advisories/1/knock-knock-plugin-for-craft-cms
• CWE-697: Incorrect Comparison
CVE-2020-13486
https://notcve.org/view.php?id=CVE-2020-13486
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
• https://github.com/verbb/knock-knock/blob/craft-3/CHANGELOG.md
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')