Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alexandre zanni vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-25557
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can r...
Cmsuno Project Cmsuno 1.6.2
1 Github repository
8.8
CVSSv3
CVE-2020-25538
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.
Cmsuno Project Cmsuno 1.6.2
1 Github repository
4.8
CVSSv3
CVE-2019-13029
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 prior to 8.10.20 and 9 prior to 9.1.2 allow an malicious user to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Vanderbilt Redcap
1 EDB exploit
5.4
CVSSv3
CVE-2020-8776
Alfresco Enterprise prior to 5.2.7 and Alfresco Community prior to 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
Alfresco Alfresco
1 EDB exploit
5.4
CVSSv3
CVE-2020-8777
Alfresco Enterprise prior to 5.2.7 and Alfresco Community prior to 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
Alfresco Alfresco
1 EDB exploit
5.4
CVSSv3
CVE-2020-8778
Alfresco Enterprise prior to 5.2.7 and Alfresco Community prior to 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
Alfresco Alfresco
1 EDB exploit
8.8
CVSSv3
CVE-2019-14530
An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/open...
Open-emr Openemr
3 Github repositories
9.1
CVSSv3
CVE-2022-0482
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments before 1.4.3.
Easyappointments Easyappointments
2 Github repositories
8.8
CVSSv3
CVE-2018-15139
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images ...
Open-emr Openemr
1 Github repository
5.3
CVSSv3
CVE-2023-23752
An issue exists in Joomla! 4.0.0 up to and including 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Joomla Joomla\\!
54 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »