Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23052 | 1 Catalyst | 1 Mahara | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
|
|||||
| CVE-2020-23051 | 1 User Registration \& Login And User Management System With Admin Panel Project | 1 User Registration \& Login And User Management System With Admin Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields.
|
|||||
| CVE-2020-23049 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.
|
|||||
| CVE-2020-23048 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
|
|||||
| CVE-2020-23047 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.
|
|||||
| CVE-2020-23046 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
|
|||||
| CVE-2020-23044 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
|
|||||
| CVE-2020-23042 | 1 Dropouts | 1 Super Backup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
|
|||||
| CVE-2020-23041 | 1 Dropouts | 1 Air Share | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
|
|||||
| CVE-2020-23039 | 1 Newsoftwares | 1 Folder Lock | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.
|
|||||
| CVE-2020-23014 | 1 Apfell Project | 1 Apfell | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.
|
|||||
| CVE-2020-22987 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
|
|||||
| CVE-2020-22986 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
|
|||||
| CVE-2020-22985 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
|
|||||
| CVE-2020-22984 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
|
|||||
| CVE-2020-22864 | 1 Froala | 1 Froala Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.
|
|||||
| CVE-2020-22842 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
|
|||||
| CVE-2020-22841 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
|
|||||
| CVE-2020-22839 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.
|
|||||
| CVE-2020-22808 | 1 Fecmall Project | 1 Fecmall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page.
|
|||||
| CVE-2020-22790 | 1 Safe | 1 Fme Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.
|
|||||
| CVE-2020-22789 | 1 Safe | 1 Fme Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
|
|||||
| CVE-2020-22765 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module.
|
|||||
| CVE-2020-22732 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..
|
|||||
| CVE-2020-22723 | 1 Ljcmsshop Project | 1 Ljcmsshop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.
|
|||||
| CVE-2020-22719 | 1 Shimo | 1 Document | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field.
|
|||||
| CVE-2020-22609 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.
|
|||||
| CVE-2020-22608 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
|
|||||
| CVE-2020-22607 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.
|
|||||
| CVE-2020-22481 | 1 Hack | 1 Hfish | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information.
|
|||||
| CVE-2020-22453 | 1 Untis | 1 Webuntis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information.
|
|||||
| CVE-2020-22428 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
|
|||||
| CVE-2020-22421 | 1 74cms | 1 74cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key.
|
|||||
| CVE-2020-22394 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2020-22392 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
|
|||||
| CVE-2020-22330 | 1 Intelliants | 1 Subrion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
|
|||||
| CVE-2020-22312 | 1 Hznuoj Project | 1 Hznuoj | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0.
|
|||||
| CVE-2020-22251 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.
|
|||||
| CVE-2020-22224 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function.
|
|||||
| CVE-2020-22222 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function.
|
|||||