Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Angry Yack Logo
Total 42233 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-18737 1 Typora 1 Typora 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
CVE-2020-18724 1 Altn 1 Mdaemon Webmail 2024-11-21 3.5 LOW 5.4 MEDIUM
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list.
CVE-2020-18723 1 Altn 1 Mdaemon Webmail 2024-11-21 3.5 LOW 5.4 MEDIUM
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.
CVE-2020-18702 1 Quokka Project 1 Quokka 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'.
CVE-2020-18699 1 Talelin 1 Lin-cms-flask 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'.
CVE-2020-18693 1 Mineweb 1 Minewebcms 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'.
CVE-2020-18671 1 Roundcube 1 Webmail 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
CVE-2020-18670 1 Roundcube 1 Webmail 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
CVE-2020-18668 1 Webport 1 Web Port 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls.
CVE-2020-18664 1 Webport 1 Web Port 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the connection name parameter in type-conn.
CVE-2020-18663 1 Sir 1 Gnuboard 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php.
CVE-2020-18661 1 Sir 1 Gnuboard 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php.
CVE-2020-18659 1 Get-simple 1 Getsimplecms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
CVE-2020-18658 1 Get-simple 1 Getsimplecms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
CVE-2020-18657 1 Get-simple 1 Getsimplecms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.
CVE-2020-18654 1 Wuzhicms 1 Wuzhicms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".
CVE-2020-18475 1 Hucart 1 Hucart 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed.
CVE-2020-18470 1 Rukovoditel 1 Rukovoditel 2024-11-21 3.5 LOW 5.4 MEDIUM
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.
CVE-2020-18469 1 Rukovoditel 1 Rukovoditel 2024-11-21 3.5 LOW 5.4 MEDIUM
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.
CVE-2020-18468 1 Qdpm 1 Qdpm 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration.
CVE-2020-18467 1 Bigtreecms 1 Bigtree Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.
CVE-2020-18456 1 Pbootcms 1 Pbootcms 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php.
CVE-2020-18455 1 Bycms Project 1 Bycms 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php.
CVE-2020-18451 1 Damicms 1 Damicms 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.
CVE-2020-18449 1 Ukcms 1 Ukcms 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php
CVE-2020-18446 1 Yunucms 1 Yunucms 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.
CVE-2020-18445 1 Yunucms 1 Yunucms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.
CVE-2020-18414 1 Chaoji Cms Project 1 Chaoji Cms 2024-11-21 N/A 4.8 MEDIUM
Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset.
CVE-2020-18413 1 Chaoji Cms Project 1 Chaoji Cms 2024-11-21 N/A 4.8 MEDIUM
Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code.
CVE-2020-18410 1 Chaoji Cms Project 1 Chaoji Cms 2024-11-21 N/A 4.8 MEDIUM
A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges.
CVE-2020-18404 1 Ecisp 1 Espcms 2024-11-21 N/A 4.8 MEDIUM
An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter.
CVE-2020-18336 1 Typora 1 Typora 2024-11-21 N/A 7.4 HIGH
Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function.
CVE-2020-18327 1 Alfresco 1 Alfresco 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
CVE-2020-18325 1 Intelliants 1 Subrion Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
CVE-2020-18324 1 Intelliants 1 Subrion Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
CVE-2020-18259 1 Ed01-cms Project 1 Ed01-cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields.
CVE-2020-18230 1 Phpmywind 1 Phpmywind 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".
CVE-2020-18229 1 Phpmywind 1 Phpmywind 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".
CVE-2020-18221 1 Typora 1 Typora 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula.
CVE-2020-18194 1 Emlog 1 Emlog 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.