Export limit exceeded: 45666 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45666 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35946 | 1 Semperplugins | 1 All In One Seo Pack | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS. | ||||
| CVE-2020-35944 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 8.8 High |
| An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. | ||||
| CVE-2020-35942 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) | ||||
| CVE-2020-35937 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2024-11-21 | 7.5 High |
| Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. | ||||
| CVE-2020-35936 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2024-11-21 | 7.5 High |
| Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. | ||||
| CVE-2020-35933 | 1 Thenewsletterplugin | 1 Newsletter | 2024-11-21 | 6.5 Medium |
| A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter. | ||||
| CVE-2020-35930 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 5.4 Medium |
| Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | ||||
| CVE-2020-35929 | 1 Kaspersky | 1 Tinycheck | 2024-11-21 | 9.8 Critical |
| In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data. | ||||
| CVE-2020-35856 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 4.8 Medium |
| SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. | ||||
| CVE-2020-35854 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 4.8 Medium |
| Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | ||||
| CVE-2020-35853 | 1 4homepages | 1 4images | 2024-11-21 | 4.8 Medium |
| 4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker can be able to steal the cookie according to the crafted payload. | ||||
| CVE-2020-35852 | 1 Getgist | 1 Chatbox | 2024-11-21 | 6.1 Medium |
| Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS. | ||||
| CVE-2020-35842 | 1 Netgear | 28 D6200, D6200 Firmware, D7000 and 25 more | 2024-11-21 | 6.9 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. | ||||
| CVE-2020-35841 | 1 Netgear | 36 D6200, D6200 Firmware, D7000 and 33 more | 2024-11-21 | 6.9 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. | ||||
| CVE-2020-35840 | 1 Netgear | 28 D6200, D6200 Firmware, D7000 and 25 more | 2024-11-21 | 6.9 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. | ||||
| CVE-2020-35839 | 1 Netgear | 16 D7800, D7800 Firmware, R7500v2 and 13 more | 2024-11-21 | 6.1 Medium |
| Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78. | ||||
| CVE-2020-35838 | 1 Netgear | 16 D7800, D7800 Firmware, R7500v2 and 13 more | 2024-11-21 | 6.1 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-35837 | 1 Netgear | 16 D7800, D7800 Firmware, R7500v2 and 13 more | 2024-11-21 | 6.1 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-35836 | 1 Netgear | 16 D7800, D7800 Firmware, R7500v2 and 13 more | 2024-11-21 | 6.1 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78. | ||||
| CVE-2020-35835 | 1 Netgear | 16 D7800, D7800 Firmware, R7500v2 and 13 more | 2024-11-21 | 6.1 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||