Export limit exceeded: 347336 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45653 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45653 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26115 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.1 Medium |
| cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). | ||||
| CVE-2020-26114 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.1 Medium |
| cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). | ||||
| CVE-2020-26113 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.1 Medium |
| cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). | ||||
| CVE-2020-26111 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.1 Medium |
| cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). | ||||
| CVE-2020-26110 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.1 Medium |
| cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). | ||||
| CVE-2020-26097 | 1 Planet | 4 Nvr-1615, Nvr-1615 Firmware, Nvr-915 and 1 more | 2024-11-21 | 9.8 Critical |
| The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-26083 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | ||||
| CVE-2020-26052 | 1 Phpgurukul | 1 Online Marriage Registration System | 2024-11-21 | 5.4 Medium |
| Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters. | ||||
| CVE-2020-26049 | 1 Niftypm | 1 Nifty-pm | 2024-11-21 | 6.1 Medium |
| Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution. | ||||
| CVE-2020-26046 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors. | ||||
| CVE-2020-26043 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php | ||||
| CVE-2020-26035 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket. | ||||
| CVE-2020-26006 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 6.1 Medium |
| Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php. | ||||
| CVE-2020-25955 | 1 Student Management System Project In Php Project | 1 Student Management System Project In Php | 2024-11-21 | 5.4 Medium |
| SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab. | ||||
| CVE-2020-25925 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | ||||
| CVE-2020-25915 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. | ||||
| CVE-2020-25902 | 1 Blackboard | 1 Collaborate Ultra | 2024-11-21 | 6.1 Medium |
| Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research | ||||
| CVE-2020-25890 | 1 Kyocera | 2 Ecosys M2640idw, Ecosys M2640idw Firmware | 2024-11-21 | 6.1 Medium |
| The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions | ||||
| CVE-2020-25879 | 1 Codologic | 1 Codoforum | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter. | ||||
| CVE-2020-25878 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 4.8 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. | ||||