CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2020/12/11 4:15 a.m.•12 views

CVE-2020-35126

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...

4.8CVSS5AI score0.00694EPSS

OSV•added 2020/12/11 4:15 a.m.•9 views

CVE-2020-35126

4.8CVSS5AI score0.00694EPSS

Prion•added 2020/12/11 4:15 a.m.•18 views

Cross site scripting

3.5CVSS4.8AI score0.00694EPSS

CVE•added 2020/12/11 3:57 a.m.•67 views

CVE-2020-35126

Typesetter CMS 5.x–5.1 is affected by a Site Title persistent XSS via the Admin/Configuration URI. The vulnerability stems from the Admin/Configuration URI handling of the Site Title, enabling an attacker with admin access to persistently inject XSS content. No explicit fixed version is listed in...

4.8CVSS4.9AI score0.00694EPSS

Cvelist•added 2020/12/11 3:57 a.m.•18 views

CVE-2020-35126

5AI score0.00694EPSS

OSV•added 2020/12/09 6:15 p.m.•4 views

CVE-2020-2020

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR...

5.5CVSS6.1AI score0.00304EPSS

Cvelist•added 2020/12/09 6:0 p.m.•33 views

CVE-2020-2020 Cortex XDR Agent: Exceptional condition denial-of-service (DoS)

5.5CVSS5.3AI score0.00304EPSS

Packet Storm•added 2020/12/08 12:0 a.m.•372 views

Employee Performance Evaluation System 1.0 Cross Site Scripting

Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting Date: 08/12/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.1AI score

Prion•added 2020/12/07 10:15 p.m.•21 views

Code injection

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...

2.1CVSS6.1AI score0.0052EPSS

Exploits0References3Affected Software1

Cvelist•added 2020/12/07 10:0 p.m.•34 views

CVE-2020-8566 Ceph RBD adminSecrets exposed in logs when loglevel >= 4

4.7CVSS5.5AI score0.0052EPSS

Exploits0References3

Exploit DB•added 2020/12/07 12:0 a.m.•485 views

Cyber Cafe Management System Project (CCMS) 1.0 - Persistent Cross-Site Scripting

Exploit Title: Cyber Cafe Management System Project CCMS 1.0 - Persistent Cross-Site Scripting Date: 04-12-2020 Exploit Author: Pruthvi Nekkanti Vendor Homepage: https://phpgurukul.com Product link: https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/ Version: 1.0 Tested on: Kali...

GitLab Advisory Database•added 2020/12/07 12:0 a.m.•33 views

Inclusion of Sensitive Information in Log Files

5.5CVSS2.3AI score0.0052EPSS

Packet Storm•added 2020/12/04 12:0 a.m.•775 views

Composr CMS 10.0.34 Cross Site Scripting

Exploit Title: Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting Date: 3-12-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.34 Tested on: Windows 10/ Kali Linux Steps To Reproduce :- 1. Install the CM...

Exploit DB•added 2020/12/04 12:0 a.m.•881 views

Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting

Packet Storm•added 2020/12/04 12:0 a.m.•995 views

Perfex CRM 2.4.4 Cross Site Scripting

Document Title: =============== Perfex v2.4.4 CRM - Print Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2231 Release Date: ============= 2020-06-24 Vulnerability Laboratory ID VL-ID: ==================================== 22...

Packet Storm•added 2020/12/04 12:0 a.m.•1089 views

VestaCP 0.9.8-26 Cross Site Scripting

Document Title: =============== VestaCP v0.9.8-26 - period Cross Site Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2239 Release Date: ============= 2020-11-24 Vulnerability Laboratory ID VL-ID: ====================================...

The Hacker News•added 2020/12/03 10:59 a.m.•7 views

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence...

5.7AI score

Packet Storm•added 2020/12/02 12:0 a.m.•398 views

NewsLister Cross Site Scripting

Exploit Title: NewsLister - Authenticated Persistent Cross-Site Scripting Date: 2020-11-27 Exploit Author: Emre Aslan Vendor Homepage: https://www.netartmedia.net/newslister.html Tested on: Windows & XAMPP == PoC HTTP Request == GET /admin/index.php?page=add HTTP/1.1 Host: 127.0.0.1:8080...

Exploit DB•added 2020/12/02 12:0 a.m.•435 views

Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting

Exploit Title: Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting Date: 26-11-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://www.sourcecodester.com/ Software Link:...