CVE-2020-12470
https://notcve.org/view.php?id=CVE-2020-12470
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Privilege%20Escalation%20via%20Template%20Modification • CWE-552: Files or Directories Accessible to External Parties
CVE-2020-12471
https://notcve.org/view.php?id=CVE-2020-12471
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Remote%20Code%20Execution%20via%20Insecure%20Deserialization • CWE-502: Deserialization of Untrusted Data
CVE-2020-12472
https://notcve.org/view.php?id=CVE-2020-12472
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Multiple%20Cross-Site-Scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-12473
https://notcve.org/view.php?id=CVE-2020-12473
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Privilege%20Escalation%20via%20ConvertVideo