Security Vulnerabilities - CVEs Published In August 2020
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-08-27
DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php'
CVSS Score
6.1
EPSS Score
0.001
Published
2020-08-27
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-08-27
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-08-27
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-08-27
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.
CVSS Score
9.8
EPSS Score
0.009
Published
2020-08-27
KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-08-27
SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"
CVSS Score
9.8
EPSS Score
0.009
Published
2020-08-27
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.
CVSS Score
7.5
EPSS Score
0.723
Published
2020-08-27
KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-08-27