Vulnerabilities > Mono

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-12471 Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.
network
low complexity
mono CWE-502
critical
9.8
2020-04-29 CVE-2020-12470 Files or Directories Accessible to External Parties vulnerability in Mono Monox 5.1.40.5152
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.
network
low complexity
mono CWE-552
7.2
2020-04-29 CVE-2020-12473 Unspecified vulnerability in Mono Monox 5.1.40.5152
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.
network
low complexity
mono
7.2
2020-04-29 CVE-2020-12472 Cross-site Scripting vulnerability in Mono Monox 5.1.40.5152
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.
network
low complexity
mono CWE-79
5.4