3 matches found
CVE-2020-20588
CVE-2020-20588 affects zhimengzhe iBarn 1.5 via a file upload vulnerability in the upload function of action/Core.class.php, allowing remote code execution through avatar uploads to index.php. The NVD/NIST entry scores it CVSS 3.1 Base Score 8.8 (High) with network access, low attack complexity, ...
CVE-2024-38469
CVE-2024-38469 concerns zhimengzhe iBarn v1.5, where a reflected XSS vulnerability is triggered via the $search parameter on /pay.php. The available documents identify the affected software/component and the vulnerability class, but do not provide exploit details, affected versions beyond v1.5, c...
CVE-2024-38470
CVE-2024-38470 affects iBarn v1.5, with a reflected XSS in the /own.php endpoint exposed via the search parameter. The vulnerability arises from unsanitized input reflected in the response, enabling HTML/JS injection (impact described as Low Confidentiality and Integrity, with no Availability imp...