Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29250 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.
|
|||||
| CVE-2020-29249 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
CXUUCMS V3 allows class="layui-input" XSS.
|
|||||
| CVE-2020-29247 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.
|
|||||
| CVE-2020-29241 | 1 Online News Portal Project | 1 Online News Portal | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter.
|
|||||
| CVE-2020-29240 | 1 Lepton-cms | 1 Leptoncms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
|
|||||
| CVE-2020-29239 | 1 Janobe | 1 Online Voting System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.
|
|||||
| CVE-2020-29233 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.
|
|||||
| CVE-2020-29231 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers.
|
|||||
| CVE-2020-29230 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user. This vulnerability can result in the attacker injecting the XSS payload in the User Registration section and each time admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
|
|||||
| CVE-2020-29215 | 1 Razormist | 1 Employee Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account.
|
|||||
| CVE-2020-29205 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
|
|||||
| CVE-2020-29204 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.
|
|||||
| CVE-2020-29172 | 1 Litespeedtech | 1 Litespeed Cache | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.
|
|||||
| CVE-2020-29171 | 1 Tipsandtricks-hq | 1 Wp Security \& Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
|
|||||
| CVE-2020-29164 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
|
|||||
| CVE-2020-29146 | 1 Wayang-cms Project | 1 Wayang-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header.
|
|||||
| CVE-2020-29145 | 1 Ericsson | 2 Bscs Ix R18 Billing \& Rating Admx, Bscs Ix R18 Billing \& Rating Mx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework.
|
|||||
| CVE-2020-29144 | 1 Ericsson | 2 Bscs Ix R18 Billing \& Rating Admx, Bscs Ix R18 Billing \& Rating Mx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework.
|
|||||
| CVE-2020-29137 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
|
|||||
| CVE-2020-29133 | 1 Coremail Xt Project | 1 Coremail Xt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.
|
|||||
| CVE-2020-29071 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 8.5 HIGH | 9.0 CRITICAL |
|
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.
|
|||||
| CVE-2020-29070 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
|
|||||
| CVE-2020-29053 | 1 Hrsale | 1 Hrsale | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
|
|||||
| CVE-2020-29029 | 1 Secomea | 1 Gatemanager Firmware | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
|
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
|
|||||
| CVE-2020-29028 | 1 Secomea | 1 Gatemanager Firmware | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
|
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
|
|||||
| CVE-2020-29027 | 1 Secomea | 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.
|
|||||
| CVE-2020-29025 | 1 Secomea | 1 Sitemanager Embedded | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.3
|
|||||
| CVE-2020-29021 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.
|
|||||
| CVE-2020-29003 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
|
|||||
| CVE-2020-29002 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
|
|||||
| CVE-2020-28968 | 1 Draytek | 26 Vigorap 1000c, Vigorap 1000c Firmware, Vigorap 700 and 23 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
|
|||||
| CVE-2020-28961 | 1 Perfexcrm | 1 Perfex Crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.
|
|||||
| CVE-2020-28957 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
|
|||||
| CVE-2020-28956 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
|
|||||
| CVE-2020-28955 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.
|
|||||
| CVE-2020-28947 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
|
|||||
| CVE-2020-28945 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as  issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.
|
|||||
| CVE-2020-28927 | 1 Magicpin | 1 Magicpin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
|
|||||