Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18167 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
|
|||||
| CVE-2020-18165 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
|
|||||
| CVE-2020-18158 | 1 Hucart | 1 Hucart | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php.
|
|||||
| CVE-2020-18145 | 1 Baidu | 1 Umeditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php.
|
|||||
| CVE-2020-18126 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.
|
|||||
| CVE-2020-18125 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.
|
|||||
| CVE-2020-18102 | 1 Hotels Server Project | 1 Hotels Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
|
|||||
| CVE-2020-18084 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
|
|||||
| CVE-2020-18066 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
|
|||||
| CVE-2020-18065 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu.
|
|||||
| CVE-2020-18035 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".
|
|||||
| CVE-2020-18022 | 1 Qibosoft | 1 Qibocms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.
|
|||||
| CVE-2020-17999 | 1 1234n | 1 Minicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".
|
|||||
| CVE-2020-17891 | 1 Tp-link | 2 Archer C1200, Archer C1200 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code.
|
|||||
| CVE-2020-17551 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.
|
|||||
| CVE-2020-17542 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
|
|||||
| CVE-2020-17515 | 1 Apache | 1 Airflow | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.
|
|||||
| CVE-2020-17480 | 1 Tiny | 1 Tinymce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
|
|||||
| CVE-2020-17476 | 1 Mibew | 1 Messenger | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Mibew Messenger before 3.2.7 allows XSS via a crafted user name.
|
|||||
| CVE-2020-17465 | 1 Forgerock | 1 Identity Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6.
|
|||||
| CVE-2020-17458 | 1 Fabbricadigitale | 1 Multiux | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field.
|
|||||
| CVE-2020-17457 | 1 Fujitsu | 1 Serverview Remote Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages.
|
|||||
| CVE-2020-17454 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box appears that writes an error message concatenated to the injected payload (without any form of data encoding). This can also be exploited via CSRF.
|
|||||
| CVE-2020-17453 | 1 Wso2 | 8 Api Manager, Api Manager Analytics, Api Microgateway and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
|
|||||
| CVE-2020-17451 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter.
|
|||||
| CVE-2020-17450 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHP-Fusion 9.03 allows XSS on the preview page.
|
|||||
| CVE-2020-17449 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP-Fusion 9.03 allows XSS via the error_log file.
|
|||||
| CVE-2020-17372 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SugarCRM before 10.1.0 (Q3 2020) allows XSS.
|
|||||
| CVE-2020-17364 | 1 Usvn | 1 User-friendly Svn | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
|
|||||
| CVE-2020-17362 | 1 Themeinprogress | 1 Nova Lite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
|
|||||
| CVE-2020-17083 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2020-17021 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
|
|||||
| CVE-2020-17018 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
|
|||||
| CVE-2020-17006 | 1 Microsoft | 1 Dynamics Crm 2015 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
|
|||||
| CVE-2020-17005 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
|
|||||
| CVE-2020-16847 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
|
|||||
| CVE-2020-16632 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
|
|||||
| CVE-2020-16608 | 1 Notable | 1 Notable | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
|
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).
|
|||||
| CVE-2020-16278 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
|
|||||
| CVE-2020-16275 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
|
|||||