Noth

4 exploits Active since Jul 2020
CVE-2020-27533 EXPLOITDB MEDIUM text WORKING POC
DedeCMS 5.8 - Cross-Site Scripting in Search Feature
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.
CVSS 5.4
CVE-2020-15600 EXPLOITDB MEDIUM text WORKING POC
CMSUno < 1.6.1 - Cross-Site Request Forgery via Admin Password Change
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVSS 6.5
CVE-2020-25453 EXPLOITDB HIGH text WORKING POC
BlackCat CMS < 1.4 - Cross-Site Request Forgery Bypass
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
CVSS 8.8
CVE-2020-23522 EXPLOITDB MEDIUM html WORKING POC
Pixelimity 1.0 - Cross-Site Request Forgery via Admin Setting Password Parameter
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
CVSS 6.8