Export limit exceeded: 341474 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341474 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44673 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15562 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. | ||||
| CVE-2020-15538 | 1 We-com | 1 Municipality Portal Cms | 2024-11-21 | 6.1 Medium |
| XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. | ||||
| CVE-2020-15537 | 1 Vanguard Project | 1 Vanguard | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. | ||||
| CVE-2020-15536 | 1 Online Hotel Booking System Project | 1 Online Hotel Booking System | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. | ||||
| CVE-2020-15535 | 1 Bestsoftinc | 1 Car Rental System | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. | ||||
| CVE-2020-15521 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) . | ||||
| CVE-2020-15517 | 1 Faceted Search Project | 1 Faceted Search | 2024-11-21 | 5.4 Medium |
| The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. | ||||
| CVE-2020-15516 | 1 Mm Forum Project | 1 Mm Forum | 2024-11-21 | 5.4 Medium |
| The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. | ||||
| CVE-2020-15514 | 1 Jh Captcha Project | 1 Jh Captcha | 2024-11-21 | 5.4 Medium |
| The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS. | ||||
| CVE-2020-15500 | 1 Tileserver | 1 Tileservergl | 2024-11-21 | 6.1 Medium |
| An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS. | ||||
| CVE-2020-15499 | 1 Asus | 2 Rt-ac1900p, Rt-ac1900p Firmware | 2024-11-21 | 6.1 Medium |
| An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. | ||||
| CVE-2020-15497 | 1 Jalios | 1 Jcms | 2024-11-21 | 5.3 Medium |
| jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of Jalios JCMS | ||||
| CVE-2020-15400 | 1 Cakefoundation | 1 Cakephp | 2024-11-21 | 4.3 Medium |
| CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. | ||||
| CVE-2020-15382 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.2 High |
| Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. | ||||
| CVE-2020-15364 | 1 Nexos Project | 1 Nexos | 2024-11-21 | 6.1 Medium |
| The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. | ||||
| CVE-2020-15339 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 6.1 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. | ||||
| CVE-2020-15327 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 7.5 High |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | ||||
| CVE-2020-15326 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.3 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | ||||
| CVE-2020-15324 | 1 Zyxel | 1 Cloud Cnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | ||||
| CVE-2020-15323 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 9.8 Critical |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. | ||||