Export limit exceeded: 45633 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45633 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23962 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter. | ||||
| CVE-2020-23957 | 1 Pega | 1 Pega Platform | 2024-11-21 | 6.1 Medium |
| Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. | ||||
| CVE-2020-23868 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C allows inc/rt-popup.php d XSS. | ||||
| CVE-2020-23849 | 1 Jsoneditoronline | 1 Jsoneditor | 2024-11-21 | 6.1 Medium |
| Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript. | ||||
| CVE-2020-23839 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. | ||||
| CVE-2020-23835 | 1 Tailor Management System Project | 1 Tailor Management System | 2024-11-21 | 6.4 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing. | ||||
| CVE-2020-23832 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 6.1 Medium |
| A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login. | ||||
| CVE-2020-23831 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 6.4 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. | ||||
| CVE-2020-23814 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file. | ||||
| CVE-2020-23774 | 1 Winmail Project | 1 Winmail | 2024-11-21 | 6.1 Medium |
| A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed. | ||||
| CVE-2020-23762 | 1 Larsens Calendar Project | 1 Larsens Calendar | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab. | ||||
| CVE-2020-23761 | 1 Intelliants | 1 Subrion | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab. | ||||
| CVE-2020-23754 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 9.6 Critical |
| Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature. | ||||
| CVE-2020-23721 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english. | ||||
| CVE-2020-23719 | 1 Zibbs Project | 1 Zibbs | 2024-11-21 | 9.6 Critical |
| Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter. | ||||
| CVE-2020-23718 | 1 Zibbs Project | 1 Zibbs | 2024-11-21 | 9.6 Critical |
| Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php. | ||||
| CVE-2020-23710 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature. | ||||
| CVE-2020-23702 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php. | ||||
| CVE-2020-23700 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. | ||||
| CVE-2020-23697 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. | ||||