CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18262
https://notcve.org/view.php?id=CVE-2020-18262
03 Nov 2021 — ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. Se ha detectado que ED01-CMS versión v1.0, contiene una inyección SQL en el componente cposts.php por medio del parámetro cid • https://github.com/chilin89117/ED01-CMS/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18259
https://notcve.org/view.php?id=CVE-2020-18259
03 Nov 2021 — ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields. Se ha detectado que ED01-CMS versión v1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflectiva en el componente sposts.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio d... • https://github.com/chilin89117/ED01-CMS/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 22%CPEs: 1EXPL: 1CVE-2021-36547
https://notcve.org/view.php?id=CVE-2021-36547
28 Oct 2021 — A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. Una vulnerabilidad de ejecución de código remota (RCE) en el componente /codebase/dir.php?type=filenew de Mara versión v7.5, permite a atacantes ejecutar comandos arbitrarios por medio de un archivo PHP diseñado • https://github.com/r0ck3t1973/RCE/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25422
https://notcve.org/view.php?id=CVE-2020-25422
28 Oct 2021 — A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross site scripting (XSS) en el archivo menuedit.php de Mara CMS versión 7.5, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada • https://github.com/r0ck3t1973/xss_payload/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23045
https://notcve.org/view.php?id=CVE-2020-23045
22 Oct 2021 — Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules. Se ha detectado que Macrob7 Macs Framework Content Management System versión 1.14f, contiene una vulnerabilidad de inyección SQL por medio del parámetro "roleId" de los módulos "editRole" y "deletUser" • https://www.vulnerability-lab.com/get_content.php?id=2206 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23047
https://notcve.org/view.php?id=CVE-2020-23047
22 Oct 2021 — Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. Se ha detectado que Macrob7 Macs Framework Content Management System versión 1.14f, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el campo de entrada search del módulo search • https://www.vulnerability-lab.com/get_content.php?id=2206 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19962
https://notcve.org/view.php?id=CVE-2020-19962
14 Oct 2021 — A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenada en la función getClientIp en el archivo /lib/tinwin.class.php de Chaoji CMS 2.39, permite a atacantes ejecutar scripts web arbitrarios • https://github.com/zhuxianjin/vuln_repo/blob/master/chaojicms_stored_xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2020-21865
https://notcve.org/view.php?id=CVE-2020-21865
07 Oct 2021 — ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. ThinkPHP50-CMS versión v1.0, contiene una vulnerabilidad de ejecución de código remota (RCE) en el componente /public/?s=captcha • https://github.com/nnngu/ThinkPHP50-CMS/issues/1 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21506
https://notcve.org/view.php?id=CVE-2020-21506
05 Oct 2021 — waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. waimai Super Cms versión 20150505, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /admin.php?m=Config&a=add • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21505
https://notcve.org/view.php?id=CVE-2020-21505
05 Oct 2021 — waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. waimai Super Cms versión 20150505, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /admin.php/Link/addsave • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •