Export limit exceeded: 46786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19201 | 1 Netgate | 1 Pfsense | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules. | ||||
| CVE-2020-19158 | 1 S-cms | 1 S-cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. | ||||
| CVE-2020-19157 | 1 Wenkucms Project | 1 Wenkucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'. | ||||
| CVE-2020-19156 | 1 Ari-soft | 1 Ari Adminer | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called. | ||||
| CVE-2020-19148 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'. | ||||
| CVE-2020-19118 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | ||||
| CVE-2020-19049 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. | ||||
| CVE-2020-19048 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. | ||||
| CVE-2020-19046 | 1 S-cms | 1 S-cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. | ||||
| CVE-2020-19042 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. | ||||
| CVE-2020-19007 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser. | ||||
| CVE-2020-19002 | 1 Jupo | 1 Mezzanine | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632. | ||||
| CVE-2020-19000 | 1 Simiki Project | 1 Simiki | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component 'simiki/blob/master/simiki/generators.py'. | ||||
| CVE-2020-18999 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. | ||||
| CVE-2020-18998 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. | ||||
| CVE-2020-18984 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. | ||||
| CVE-2020-18982 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | ||||
| CVE-2020-18979 | 1 Halo | 1 Halo | 2024-11-21 | 6.1 Medium |
| Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. | ||||
| CVE-2020-18766 | 1 Antsword Project | 1 Antsword | 2024-11-21 | 9.6 Critical |
| A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands. | ||||
| CVE-2020-18748 | 1 Typora | 1 Typora | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221. | ||||