Export limit exceeded: 45612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45612 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15030 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter. | ||||
| CVE-2020-15029 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter. | ||||
| CVE-2020-15028 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter. | ||||
| CVE-2020-15020 | 1 Elementor | 1 Website Builder | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. | ||||
| CVE-2020-15017 | 1 Nedi | 1 Nedi | 2024-11-21 | 6.1 Medium |
| NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. | ||||
| CVE-2020-15016 | 1 Nedi | 1 Nedi | 2024-11-21 | 6.1 Medium |
| NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter. | ||||
| CVE-2020-15015 | 1 Gleamtech | 1 Fileultimate | 2024-11-21 | 6.1 Medium |
| The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document. | ||||
| CVE-2020-15011 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Mailman and 1 more | 2024-11-21 | 4.3 Medium |
| GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | ||||
| CVE-2020-15006 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium |
| Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | ||||
| CVE-2020-15004 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.8 Medium |
| OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. | ||||
| CVE-2020-14988 | 1 Bloomreach | 1 Experience Manager | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript. | ||||
| CVE-2020-14973 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 6.1 Medium |
| The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. | ||||
| CVE-2020-14965 | 1 Tp-link | 4 Tl-wr740n, Tl-wr740n Firmware, Tl-wr740nd and 1 more | 2024-11-21 | 4.8 Medium |
| On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator. | ||||
| CVE-2020-14962 | 1 Machothemes | 1 Image Photo Gallery Final Tiles Grid | 2024-11-21 | 5.4 Medium |
| Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php. | ||||
| CVE-2020-14959 | 1 Goldplugins | 1 Easy Testimonials | 2024-11-21 | 5.4 Medium |
| Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter. | ||||
| CVE-2020-14943 | 1 Globalradar | 1 Bsa Radar | 2024-11-21 | 5.4 Medium |
| The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile. | ||||
| CVE-2020-14927 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 4.8 Medium |
| Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen. | ||||
| CVE-2020-14926 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. | ||||
| CVE-2020-14615 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2024-11-21 | 6.1 Medium |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2020-14613 | 1 Oracle | 1 Webcenter Sites | 2024-11-21 | 6.1 Medium |
| Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||