CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13486
https://notcve.org/view.php?id=CVE-2020-13486
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. El plugin Knock Knock versiones anteriores a 1.2.8 para Craft CMS, permite una redirección maliciosa. • https://github.com/verbb/knock-knock/blob/craft-3/CHANGELOG.md • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13458
https://notcve.org/view.php?id=CVE-2020-13458
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action. Se detectó un problema en el plugin Image Resizer versiones anteriores a 2.0.9 para Craft CMS. Presenta problemas de tipo CSRF con la acción del controlador log-clear. • https://github.com/verbb/image-resizer/blob/craft-3/CHANGELOG.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13459
https://notcve.org/view.php?id=CVE-2020-13459
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action. Se detectó un problema en el plugin Image Resizer versiones anteriores a 2.0.9 para Craft CMS. Presenta una vulnerabilidad de tipo XSS almacenado en la acción Bulk Resize. • https://github.com/verbb/image-resizer/blob/craft-3/CHANGELOG.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •