Export limit exceeded: 341641 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44696 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-22453 | 1 Untis | 1 Webuntis | 2024-11-21 | 6.1 Medium |
| Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information. | ||||
| CVE-2020-22428 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-11-21 | 4.8 Medium |
| SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. | ||||
| CVE-2020-22421 | 1 74cms | 1 74cms | 2024-11-21 | 6.1 Medium |
| 74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key. | ||||
| CVE-2020-22394 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.1 Medium |
| In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2020-22392 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file. | ||||
| CVE-2020-22330 | 1 Intelliants | 1 Subrion | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. | ||||
| CVE-2020-22312 | 1 Hznuoj Project | 1 Hznuoj | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0. | ||||
| CVE-2020-22251 | 1 Phplist | 1 Phplist | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. | ||||
| CVE-2020-22224 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 6.1 Medium |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function. | ||||
| CVE-2020-22222 | 1 Phpjabbers | 1 Fundraising Script | 2024-11-21 | 6.1 Medium |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function. | ||||
| CVE-2020-22181 | 1 Samsung | 2 Sww-3400rw, Sww-3400rw Firmware | 2024-11-21 | 6.1 Medium |
| A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi | ||||
| CVE-2020-22167 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.4 Medium |
| PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data. | ||||
| CVE-2020-22158 | 1 Mediakind | 2 Rx8200, Rx8200 Firmware | 2024-11-21 | 6.1 Medium |
| MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code. | ||||
| CVE-2020-22150 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-22148 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
| A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-21995 | 1 Inim | 12 Smartliving 10100l, Smartliving 10100l Firmware, Smartliving 10100lg3 and 9 more | 2024-11-21 | 9.8 Critical |
| Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system. | ||||
| CVE-2020-21993 | 1 Wems | 1 Enterprise Manager | 2024-11-21 | 6.1 Medium |
| In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. | ||||
| CVE-2020-21987 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 6.1 Medium |
| HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. | ||||
| CVE-2020-21967 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.8 Medium |
| File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. | ||||
| CVE-2020-21930 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | ||||