Filtered by vendor Verbb
Subscribe
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13485 | 1 Verbb | 1 Knock Knock | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. | |||||
| CVE-2020-13458 | 1 Verbb | 1 Image Resizer | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action. | |||||
| CVE-2020-13870 | 1 Verbb | 1 Comments | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. | |||||
| CVE-2020-13869 | 1 Verbb | 1 Comments | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. | |||||
| CVE-2020-13486 | 1 Verbb | 1 Knock Knock | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. | |||||
| CVE-2020-13868 | 1 Verbb | 1 Comments | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. | |||||
| CVE-2020-13459 | 1 Verbb | 1 Image Resizer | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action. | |||||