Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22181 | 1 Samsung | 2 Sww-3400rw, Sww-3400rw Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi. | | | | | |
| CVE-2020-22167 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data. | | | | | |
| CVE-2020-22158 | 1 Mediakind | 2 Rx8200, Rx8200 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code. | | | | | |
| CVE-2020-22152 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Daylight Studio FUEL CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function. | | | | | |
| CVE-2020-22150 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | | | | | |
| CVE-2020-22148 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | | | | | |
| CVE-2020-21993 | 1 Wems | 1 Enterprise Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. | | | | | |
| CVE-2020-21987 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. | | | | | |
| CVE-2020-21967 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. | | | | | |
| CVE-2020-21930 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | | | | | |
| CVE-2020-21929 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | | | | | |
| CVE-2020-21854 | 1 Tidesec | 1 Wdscanner | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting vulnerability exists in WDScanner 1.1 in the system management page. | | | | | |
| CVE-2020-21845 | 1 Codoforum | 1 Codoforum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.' | | | | | |
| CVE-2020-21783 | 1 Ibos | 1 Ibos | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter. | | | | | |
| CVE-2020-21733 | 1 Sagemcom | 2 F@st 3686, F@st 3686 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. | | | | | |
| CVE-2020-21732 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | | | | | |
| CVE-2020-21731 | 1 Gazie Project | 1 Gazie | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the web application stores the injected code. | | | | | |
| CVE-2020-21729 | 1 Jeecms | 1 Jeecms X | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | | | | | |
| CVE-2020-21656 | 1 Xyhcms | 1 Xyhcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. | | | | | |
| CVE-2020-21639 | 1 Ruijie | 2 Rg-uac 6000-e50, Rg-uac 6000-e50 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | | | | | |
| CVE-2020-21517 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. | | | | | |
| CVE-2020-21506 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. | | | | | |
| CVE-2020-21505 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. | | | | | |
| CVE-2020-21504 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. | | | | | |
| CVE-2020-21496 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter. | | | | | |
| CVE-2020-21495 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. | | | | | |
| CVE-2020-21494 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. | | | | | |
| CVE-2020-21482 | 1 Rgcms Project | 1 Rgcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board module. | | | | | |
| CVE-2020-21434 | 1 Maccms | 1 Maccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | | | | | |
| CVE-2020-21387 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | | | | | |
| CVE-2020-21362 | 1 Maccms | 1 Maccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | | | | | |
| CVE-2020-21357 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field. | | | | | |
| CVE-2020-21353 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Edit Snippets module. | | | | | |
| CVE-2020-21345 | 1 Halo | 1 Halo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code. | | | | | |
| CVE-2020-21333 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 allows an attacker to get an admin cookie when the Administrator reviews a submitted case. | | | | | |
| CVE-2020-21316 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and steal administrator cookies via the nickname parameter and gain access to the admin panel. | | | | | |
| CVE-2020-21266 | 1 Broadleafcommerce | 1 Broadleaf Commerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. | | | | | |
| CVE-2020-21228 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | | | | | |
| CVE-2020-21161 | 1 Ruckuswireless | 2 Zonedirector, Zonedirector Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. | | | | | |
| CVE-2020-21147 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering. | | | | | |