Export limit exceeded: 46792 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46792 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26049 | 1 Niftypm | 1 Nifty-pm | 2024-11-21 | 6.1 Medium |
| Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution. | ||||
| CVE-2020-26046 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors. | ||||
| CVE-2020-26043 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php | ||||
| CVE-2020-26035 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket. | ||||
| CVE-2020-26006 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 6.1 Medium |
| Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php. | ||||
| CVE-2020-25955 | 1 Student Management System Project In Php Project | 1 Student Management System Project In Php | 2024-11-21 | 5.4 Medium |
| SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab. | ||||
| CVE-2020-25925 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | ||||
| CVE-2020-25915 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. | ||||
| CVE-2020-25902 | 1 Blackboard | 1 Collaborate Ultra | 2024-11-21 | 6.1 Medium |
| Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research | ||||
| CVE-2020-25890 | 1 Kyocera | 2 Ecosys M2640idw, Ecosys M2640idw Firmware | 2024-11-21 | 6.1 Medium |
| The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions | ||||
| CVE-2020-25879 | 1 Codologic | 1 Codoforum | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter. | ||||
| CVE-2020-25878 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 4.8 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. | ||||
| CVE-2020-25877 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | ||||
| CVE-2020-25876 | 1 Codologic | 1 Codoforum | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter. | ||||
| CVE-2020-25875 | 1 Codologic | 1 Codoforum | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter. | ||||
| CVE-2020-25864 | 1 Hashicorp | 1 Consul | 2024-11-21 | 6.1 Medium |
| HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14. | ||||
| CVE-2020-25840 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 6.1 Medium |
| Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. | ||||
| CVE-2020-25835 | 1 Microfocus | 1 Arcsight Management Center | 2024-11-21 | 5.9 Medium |
| A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). | ||||
| CVE-2020-25834 | 1 Microfocus | 1 Arcsight Logger | 2024-11-21 | 5.4 Medium |
| Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||||
| CVE-2020-25833 | 1 Microfocus | 1 Idol | 2024-11-21 | 4.8 Medium |
| Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack. | ||||