Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1063 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
|
|||||
| CVE-2020-1050 | 1 Microsoft | 1 Dynamics 365 Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1049.
|
|||||
| CVE-2020-1049 | 1 Microsoft | 1 Dynamics 365 Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1050.
|
|||||
| CVE-2020-19962 | 1 Chaoji Cms Project | 1 Chaoji Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.
|
|||||
| CVE-2020-19952 | 1 Jbt | 1 Live \(github-flavored\) Markdown Editor | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.
|
|||||
| CVE-2020-19950 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
|
|||||
| CVE-2020-19949 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
|
|||||
| CVE-2020-19924 | 1 Issuehunt | 1 Boostnote | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.
|
|||||
| CVE-2020-19915 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.
|
|||||
| CVE-2020-19914 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function.
|
|||||
| CVE-2020-19887 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
|
|||||
| CVE-2020-19885 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
|
|||||
| CVE-2020-19884 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119.
|
|||||
| CVE-2020-19883 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
|
|||||
| CVE-2020-19882 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
|
|||||
| CVE-2020-19881 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
|
|||||
| CVE-2020-19880 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users.
|
|||||
| CVE-2020-19879 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,
|
|||||
| CVE-2020-19855 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
|
|||||
| CVE-2020-19762 | 1 Carrier | 1 Webctrl System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.
|
|||||
| CVE-2020-19709 | 1 Feehi | 1 Feehicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload.
|
|||||
| CVE-2020-19704 | 1 Spring-boot-admin Project | 1 Spring-boot-admin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML.
|
|||||
| CVE-2020-19703 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2020-19683 | 1 Zzzcms | 1 Zzzcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.
|
|||||
| CVE-2020-19643 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page.
|
|||||
| CVE-2020-19626 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
|
|||||
| CVE-2020-19619 | 1 Mblog Project | 1 Mblog | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
|
|||||
| CVE-2020-19618 | 1 Mblog Project | 1 Mblog | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
|
|||||
| CVE-2020-19617 | 1 Mblog Project | 1 Mblog | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
|
|||||
| CVE-2020-19616 | 1 Mblog Project | 1 Mblog | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
|
|||||
| CVE-2020-19611 | 1 Racktables Project | 1 Racktables | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
|
|||||
| CVE-2020-19587 | 1 Idera | 1 Yellowfin Business Intelligence | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.
|
|||||
| CVE-2020-19586 | 1 Yellowfinbi | 1 Business Intelligence | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.
|
|||||
| CVE-2020-19554 | 1 Manageengine | 1 Opmanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.
|
|||||
| CVE-2020-19553 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
|
|||||
| CVE-2020-19515 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
|
|||||
| CVE-2020-19511 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes,
|
|||||
| CVE-2020-19362 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
|
|||||
| CVE-2020-19361 | 1 Medintux | 1 Medintux | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
|
|||||
| CVE-2020-19295 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
|
|||||