Verbb Security Vulnerabilities

CVE-2020-13458

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.

8.8 CVSS

8.7 AI Score

0.001 EPSS

2020-05-25 05:15 PM

CVE-2020-13459

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.

5.4 CVSS

5.2 AI Score

0.001 EPSS

2020-05-25 05:15 PM

CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

9.1 CVSS

9.2 AI Score

0.002 EPSS

2020-05-25 11:15 PM

CVE-2020-13486

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.

6.1 CVSS

6.2 AI Score

0.001 EPSS

2020-05-25 11:15 PM

CVE-2020-13868

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.

6.5 CVSS

6.5 AI Score

0.001 EPSS

2020-06-05 07:15 PM

CVE-2020-13869

An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.

5.4 CVSS

5.1 AI Score

0.001 EPSS

2020-06-05 07:15 PM

CVE-2020-13870

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.

5.4 CVSS

5.1 AI Score

0.001 EPSS

2020-06-05 07:15 PM