CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35252
https://notcve.org/view.php?id=CVE-2020-35252
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0. Una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del parámetro "Full Name" en la sección User Registration de User Registration & Login System con Admin Panel versión 1.0 • https://www.exploit-db.com/exploits/49153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35273
https://notcve.org/view.php?id=CVE-2020-35273
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account. EgavilanMedia User Registration & Login System with Admin Panel versión 1.0, está afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para alcanzar privilegios remotamente en el panel User Profile. Un atacante puede actualizar la cuenta de cualquier usuario • http://egavilanmedia.com https://www.exploit-db.com/exploits/49151 • CWE-352: Cross-Site Request Forgery (CSRF) •