Vulnerabilities > Indexhibit > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2020-18123 | Cross-Site Request Forgery (CSRF) vulnerability in Indexhibit 2.1.5 A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | 6.5 |
| 2021-08-30 | CVE-2020-18124 | Cross-Site Request Forgery (CSRF) vulnerability in Indexhibit 2.1.5 A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | 5.7 |
| 2021-08-30 | CVE-2020-18125 | Cross-site Scripting vulnerability in Indexhibit 2.1.5 A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. | 6.1 |
| 2021-08-30 | CVE-2020-18126 | Cross-site Scripting vulnerability in Indexhibit 2.1.5 Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. | 5.4 |
| 2021-08-30 | CVE-2020-18127 | Path Traversal vulnerability in Indexhibit 2.1.5 An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files. | 6.5 |