Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23576 | 1 Laborator | 1 Neon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab.
|
|||||
| CVE-2020-23518 | 1 Ultimatekode | 1 Neo Billing | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.
|
|||||
| CVE-2020-23517 | 1 Aryanic | 1 High Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.
|
|||||
| CVE-2020-23481 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
|
|||||
| CVE-2020-23466 | 1 Phpgurukul | 1 Online Marriage Registration System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.
|
|||||
| CVE-2020-23452 | 1 Selenium | 1 Selenium Grid | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page.
|
|||||
| CVE-2020-23450 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
|
|||||
| CVE-2020-23447 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".
|
|||||
| CVE-2020-23374 | 1 5none | 1 Nonecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
|
|||||
| CVE-2020-23373 | 1 5none | 1 Nonecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
|
|||||
| CVE-2020-23371 | 1 5none | 1 Nonecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
|
|||||
| CVE-2020-23370 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
|
|||||
| CVE-2020-23369 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
|
|||||
| CVE-2020-23341 | 1 Atutor | 1 Atutor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2020-23263 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.
|
|||||
| CVE-2020-23243 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
|
|||||
| CVE-2020-23242 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
|
|||||
| CVE-2020-23241 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
|
|||||
| CVE-2020-23240 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
|
|||||
| CVE-2020-23239 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
|
|||||
| CVE-2020-23238 | 1 Evo | 1 Evolution Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
|
|||||
| CVE-2020-23234 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
|
|||||
| CVE-2020-23226 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.
|
|||||
| CVE-2020-23217 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module.
|
|||||
| CVE-2020-23214 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module.
|
|||||
| CVE-2020-23209 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module.
|
|||||
| CVE-2020-23208 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
|
|||||
| CVE-2020-23207 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module.
|
|||||
| CVE-2020-23205 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module.
|
|||||
| CVE-2020-23194 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2020-23192 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.
|
|||||
| CVE-2020-23190 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2020-23185 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2020-23184 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
|
|||||
| CVE-2020-23181 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
|
|||||
| CVE-2020-23179 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.
|
|||||
| CVE-2020-23126 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.
|
|||||
| CVE-2020-23065 | 1 Ibexa | 2 Ezpublish Legacy, Ezpublish Platform | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.
|
|||||
| CVE-2020-23055 | 1 Lancom-systems | 3 Lcos, Wlc-1000, Wlc-4006 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters.
|
|||||
| CVE-2020-23054 | 1 User-agent Switcher And Manager Project | 1 User-agent Switcher And Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field.
|
|||||