Search Results (45636 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24599 | 1 Joomla | 1 Joomla! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. | ||||
| CVE-2020-24594 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 9.6 Critical |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | ||||
| CVE-2020-24582 | 1 Zulipchat | 1 Zulip Desktop | 2024-11-21 | 6.1 Medium |
| Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. | ||||
| CVE-2020-24574 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
| The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism. | ||||
| CVE-2020-24553 | 5 Fedoraproject, Golang, Opensuse and 2 more | 6 Fedora, Go, Leap and 3 more | 2024-11-21 | 6.1 Medium |
| Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | ||||
| CVE-2020-24445 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 9 Critical |
| AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2020-24443 | 1 Adobe | 1 Connect | 2024-11-21 | 6.1 Medium |
| Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2020-24442 | 1 Adobe | 1 Connect | 2024-11-21 | 6.1 Medium |
| Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2020-24416 | 1 Adobe | 1 Marketo Sales Insight | 2024-11-21 | 6.1 Medium |
| Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2020-24408 | 1 Magento | 1 Magento | 2024-11-21 | 6.1 Medium |
| Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file. | ||||
| CVE-2020-24390 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 6.1 Medium |
| eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | ||||
| CVE-2020-24353 | 1 Pega | 1 Pega Platform | 2024-11-21 | 6.1 Medium |
| Pega Platform before 8.4.0 has an XSS issue via stream rule parameters used in the request header. | ||||
| CVE-2020-24316 | 1 Admin Menu Project | 1 Admin Menu | 2024-11-21 | 6.1 Medium |
| WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | ||||
| CVE-2020-24314 | 1 Rss Feed Widget Project | 1 Rss Feed Widget | 2024-11-21 | 6.1 Medium |
| Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | ||||
| CVE-2020-24313 | 1 Etoilewebdesign | 1 Ultimate Appointment Booking & Scheduling | 2024-11-21 | 6.1 Medium |
| Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | ||||
| CVE-2020-24303 | 2 Grafana, Redhat | 2 Grafana, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | ||||
| CVE-2020-24301 | 1 Hapifhir | 1 Testpage Overlay | 2024-11-21 | 6.1 Medium |
| Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes. | ||||
| CVE-2020-24223 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 6.1 Medium |
| Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | ||||
| CVE-2020-24218 | 1 Szuray | 95 Iptv/h.264 Video Encoder Firmware, Iptv/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file. | ||||
| CVE-2020-24215 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p@60hz, H.264 Iptv Encoder 1080p@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. | ||||