Search Results (45638 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25565 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 9.8 Critical |
| In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. | ||||
| CVE-2020-25561 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 7.8 High |
| SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. | ||||
| CVE-2020-25560 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 9.8 Critical |
| In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed. | ||||
| CVE-2020-25516 | 1 Wso2 | 1 Enterprise Integrator | 2024-11-21 | 5.4 Medium |
| WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. | ||||
| CVE-2020-25498 | 1 Beetel | 2 777vr1, 777vr1 Firmware | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter. | ||||
| CVE-2020-25495 | 1 Xinuos | 1 Openserver | 2024-11-21 | 6.1 Medium |
| A reflected Cross-site scripting (XSS) vulnerability in Xinuos (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'. | ||||
| CVE-2020-25493 | 1 Oclean | 1 Oclean | 2024-11-21 | 7.5 High |
| Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop on the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic. | ||||
| CVE-2020-25491 | 1 6kare | 1 Emakin | 2024-11-21 | 6.1 Medium |
| 6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page. | ||||
| CVE-2020-25476 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 6.1 Medium |
| Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected and reflected in the calendar of the user who submitted the payload. An attacker could escalate its privileges in case an admin visits the calendar that injected the payload. | ||||
| CVE-2020-25474 | 1 Newsscriptphp | 1 News Script Php Pro | 2024-11-21 | 6.1 Medium |
| SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. | ||||
| CVE-2020-25470 | 1 Antsword Project | 1 Antsword | 2024-11-21 | 6.1 Medium |
| AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution. | ||||
| CVE-2020-25454 | 1 Grocy Project | 1 Grocy | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. | ||||
| CVE-2020-25449 | 1 Arachnys | 1 Cabot | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column. | ||||
| CVE-2020-25444 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) “About Yourself” section under the “My Profile” page, (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section. | ||||
| CVE-2020-25422 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 5.4 Medium |
| A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-25399 | 1 Mind | 1 Imind Server | 2024-11-21 | 7.8 High |
| Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. | ||||
| CVE-2020-25394 | 1 Mozilo | 1 Mozilocms | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. | ||||
| CVE-2020-25392 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 5.4 Medium |
| A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin. | ||||
| CVE-2020-25391 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 5.4 Medium |
| A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module. | ||||
| CVE-2020-25385 | 1 Nagios | 1 Log Server | 2024-11-21 | 6.1 Medium |
| Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page. | ||||