Paweł Hałdrzyński

4 exploits, active since May 2020
CVE-2020-13458 HIGH WRITEUP
verbb Image Resizer < 2.0.9 - Cross-Site Request Forgery in Log-Clear Action
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVSS 8.8
CVE-2020-13459 MEDIUM WRITEUP
verbb Image Resizer < 2.0.9 - Stored Cross-Site Scripting in Bulk Resize Action
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVSS 5.4
CVE-2020-13485 CRITICAL WRITEUP
verbb knock_knock < 1.2.8 - IP Whitelist Bypass via X-Forwarded-For Header
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVSS 9.1
CVE-2020-13486 MEDIUM WRITEUP
verbb knock_knock < 1.2.8 - Open Redirect
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVSS 6.1