27 matches found
CVE-2020-18121
A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell...
CVE-2020-18125
A reflected cross-site scripting XSS vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-18126
Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-18124
A cross-site request forgery CSRF vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords...
CVE-2020-18126
Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-18123
A cross-site request forgery CSRF vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts...
CVE-2020-18121
A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell...
CVE-2020-18127
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files...
Design/Logic Flaw
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files...
Design/Logic Flaw
A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts...
CVE-2020-18125
A reflected cross-site scripting XSS vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-18125
CVE-2020-18125 is a reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5. The issue allows attackers to execute arbitrary web scripts or HTML. Evidence from connected documents confirms the affected product (Indexhibit 2.1.5) and the vulnerable ...
CVE-2020-18121
A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell...
CVE-2020-18124
CVE-2020-18124 is a CSRF vulnerability in Indexhibit 2.1.5 that allows an attacker to arbitrarily reset user passwords. The connected documents confirm the affected software and the underlying issue (cross-site request forgery enabling password resets). There is no explicit information here about...
CVE-2020-18124
A cross-site request forgery CSRF vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords...
CVE-2020-18123
A cross-site request forgery CSRF vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts...
CVE-2020-18123
The CVE-2020-18123 entries describe a CSRF vulnerability in Indexhibit 2.1.5 that allows an attacker to arbitrarily delete administrator accounts. Affected software: Indexhibit 2.1.5 (web-based CMS). Underlying issue: cross-site request forgery enabling unauthorized admin deletion. Impact: admini...
CVE-2020-18126
Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...