Paweł Hałdrzyński

4 exploits, active since May 2020
CVE-2020-13458 HIGH WRITEUP
Image Resizer <2.0.9 - CSRF
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVSS 8.8
CVE-2020-13459 MEDIUM WRITEUP
Image Resizer <2.0.9 - XSS
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVSS 5.4
CVE-2020-13485 CRITICAL WRITEUP
Knock Knock <1.2.8 - CSRF
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVSS 9.1
CVE-2020-13486 MEDIUM WRITEUP
Knock Knock <1.2.8 - Open Redirect
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVSS 6.1