LoRexxar

9 exploits Active since Apr 2019
CVE-2020-18657 WRITEUP MEDIUM WRITEUP
GetSimpleCMS <= 3.3.15 - XSS
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.
CVSS 6.1
CVE-2020-18658 WRITEUP MEDIUM WRITEUP
GetSimpleCMS <=3.3.15 - XSS
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
CVSS 6.1
CVE-2020-18659 WRITEUP MEDIUM WRITEUP
GetSimpleCMS <=3.3.15 - XSS
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php.
CVSS 6.1
CVE-2020-18660 WRITEUP MEDIUM WRITEUP
GetSimpleCMS <=3.3.15 - Open Redirect
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
CVSS 6.1
CVE-2020-18664 WRITEUP MEDIUM WRITEUP
WebPort <=1.19.1 - XSS
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the connection name parameter in type-conn.
CVSS 5.4
CVE-2020-18665 WRITEUP MEDIUM WRITEUP
WebPort <=1.19.1 - Path Traversal
Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings.
CVSS 5.3
CVE-2020-18667 WRITEUP CRITICAL WRITEUP
WebPort <=1.19.1 - SQL Injection
SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn.
CVSS 9.8
CVE-2020-18668 WRITEUP MEDIUM WRITEUP
WebPort <=1.19.1 - XSS
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the description parameter to script/listcalls.
CVSS 5.4
CVE-2019-11229 EXPLOITDB HIGH python WORKING POC
Gitea < 1.7.6 - Remote Code Execution
models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
CVSS 8.8