Lucene search
+L

191 matches found

OSV
OSV
added 2021/04/07 4:15 p.m.29 views

CVE-2020-24137

Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...

5.3CVSS6.8AI score0.01412EPSS
Exploits0References2
OSV
OSV
added 2021/04/07 4:15 p.m.22 views

CVE-2020-24140

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...

8.3CVSS7AI score0.01155EPSS
Exploits1References2
OSV
OSV
added 2021/04/07 4:15 p.m.19 views

CVE-2020-24139

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...

8.3CVSS7AI score0.01051EPSS
Exploits1References2
NVD
NVD
added 2021/04/07 4:15 p.m.16 views

CVE-2020-24135

A Reflected Cross Site Scripting XSS Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php...

6.1CVSS0.00903EPSS
Exploits1References2
OSV
OSV
added 2021/04/07 4:15 p.m.20 views

CVE-2020-24135

A Reflected Cross Site Scripting XSS Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php...

6.1CVSS6AI score0.00903EPSS
Exploits1References2
Prion
Prion
added 2021/04/07 4:15 p.m.17 views

Directory traversal

Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...

5CVSS5.3AI score0.01412EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/04/07 4:15 p.m.14 views

Cross site scripting

A Reflected Cross Site Scripting XSS Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php...

4.3CVSS6AI score0.00903EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/04/07 4:15 p.m.18 views

Server side request forgery (ssrf)

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...

7.5CVSS8.2AI score0.01051EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/04/07 4:15 p.m.17 views

Server side request forgery (ssrf)

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...

7.5CVSS8.2AI score0.01155EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2021/04/07 3:15 p.m.33 views

CVE-2020-24138

Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...

6.1CVSS0.00908EPSS
Exploits1References2
NVD
NVD
added 2021/04/07 3:15 p.m.24 views

CVE-2020-24136

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...

8.6CVSS0.02223EPSS
Exploits1References2
OSV
OSV
added 2021/04/07 3:15 p.m.25 views

CVE-2020-24138

Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...

6.1CVSS5.8AI score0.00908EPSS
Exploits1References2
OSV
OSV
added 2021/04/07 3:15 p.m.20 views

CVE-2020-24136

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...

8.6CVSS6.8AI score0.02223EPSS
Exploits1References2
Prion
Prion
added 2021/04/07 3:15 p.m.15 views

Cross site scripting

Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...

4.3CVSS6AI score0.00908EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/04/07 3:15 p.m.19 views

Directory traversal

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...

7.8CVSS8.4AI score0.02223EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/04/07 3:5 p.m.33 views

CVE-2020-24137

Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...

5.3AI score0.01412EPSS
Exploits0References2
CVE
CVE
added 2021/04/07 3:5 p.m.43 views

CVE-2020-24137

CVE-2020-24137 affects WCMS 0.3.2. The vulnerability is a directory traversal in the wex/cssjs.php script, exploitable via the path parameter to read arbitrary files on the server. The connected Red Hat, CNVD, NVD, OSV, and CVE records corroborate the same issue. Exploit specifics and fixes are n...

5.3CVSS5.2AI score0.01412EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/07 3:4 p.m.31 views

CVE-2020-24140

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...

8.3AI score0.01155EPSS
Exploits1References2
CVE
CVE
added 2021/04/07 3:4 p.m.49 views

CVE-2020-24140

CVE-2020-24140 describes an SSRF in WCMS version 0.3.2. An attacker can craft requests via the pagename parameter to wex/html.php from the vulnerable web application’s back-end server, enabling discovery of open ports and local network hosts and the execution of commands on local services. The co...

8.3CVSS8.2AI score0.01155EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/04/07 3:3 p.m.23 views

CVE-2020-24139

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...

8.3AI score0.01051EPSS
Exploits1References2
Rows per page
Query Builder