Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23986 | 1 Github Readme Stats Project | 1 Github Readme Stats | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError.
|
|||||
| CVE-2020-23984 | 1 Online Hotel Booking System Pro Project | 1 Online Hotel Booking System Pro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.
|
|||||
| CVE-2020-23983 | 1 Ichat Project | 1 Ichat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags.
|
|||||
| CVE-2020-23982 | 1 Designmasterevents | 1 Conference Management Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php'
|
|||||
| CVE-2020-23981 | 1 13enforme | 1 13enforme Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter.
|
|||||
| CVE-2020-23977 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter.
|
|||||
| CVE-2020-23975 | 1 Webexcels | 1 Ecommerce Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.
|
|||||
| CVE-2020-23974 | 1 Create-project Manager Project | 1 Create-project Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags).
|
|||||
| CVE-2020-23962 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter.
|
|||||
| CVE-2020-23957 | 1 Pega | 1 Pega Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.
|
|||||
| CVE-2020-23868 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
NeDi 1.9C allows inc/rt-popup.php d XSS.
|
|||||
| CVE-2020-23849 | 1 Jsoneditoronline | 1 Jsoneditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.
|
|||||
| CVE-2020-23839 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
|
|||||
| CVE-2020-23835 | 1 Tailor Management System Project | 1 Tailor Management System | 2024-11-21 | 4.3 MEDIUM | 6.4 MEDIUM |
|
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.
|
|||||
| CVE-2020-23832 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.
|
|||||
| CVE-2020-23831 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 4.3 MEDIUM | 6.4 MEDIUM |
|
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials.
|
|||||
| CVE-2020-23814 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.
|
|||||
| CVE-2020-23774 | 1 Winmail Project | 1 Winmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.
|
|||||
| CVE-2020-23762 | 1 Larsens Calendar Project | 1 Larsens Calendar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.
|
|||||
| CVE-2020-23761 | 1 Intelliants | 1 Subrion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
|
|||||
| CVE-2020-23754 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.
|
|||||
| CVE-2020-23721 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
|
|||||
| CVE-2020-23719 | 1 Zibbs Project | 1 Zibbs | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.
|
|||||
| CVE-2020-23718 | 1 Zibbs Project | 1 Zibbs | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.
|
|||||
| CVE-2020-23710 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
|
|||||
| CVE-2020-23702 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
|
|||||
| CVE-2020-23700 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
|
|||||
| CVE-2020-23697 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.
|
|||||
| CVE-2020-23689 | 1 Yfcmf | 1 Yfcmf | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page.
|
|||||
| CVE-2020-23660 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."
|
|||||
| CVE-2020-23659 | 1 Webport | 1 Web Port | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature.
|
|||||
| CVE-2020-23658 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php.
|
|||||
| CVE-2020-23657 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
|
|||||
| CVE-2020-23656 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."
|
|||||
| CVE-2020-23655 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
|
|||||
| CVE-2020-23654 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
|
|||||
| CVE-2020-23644 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
|
|||||
| CVE-2020-23643 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
|
|||||
| CVE-2020-23618 | 1 Xtendtech | 1 Voice Logger | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page.
|
|||||
| CVE-2020-23617 | 1 Totolink | 4 N100re, N100re Firmware, N200re and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.
|
|||||