2 matches found
CVE-2020-13458
CVE-2020-13458 affects the Craft CMS Image Resizer plugin prior to 2.0.9. The issue is a CSRF flaw in the log-clear controller action, enabling CSRF exploitation with no authentication and requiring user interaction. CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low attack complex...
CVE-2020-13459
The CVE-2020-13459 entry concerns the Image Resizer plugin for Craft CMS (versions before 2.0.9). The vulnerability is a stored XSS in the Bulk Resize action. Affected component: Image Resizer plugin, Craft CMS ecosystem. Root cause details are not provided beyond the stored XSS description in th...