Export limit exceeded: 18760 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45493 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45493 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24963 | 1 Appsbd | 1 Best Support System | 2024-11-21 | 5.4 Medium |
| An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. | ||||
| CVE-2020-24924 | 1 Elkarbackup | 1 Elkarbackup | 2024-11-21 | 5.4 Medium |
| A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter | ||||
| CVE-2020-24917 | 1 Osticket | 1 Osticket | 2024-11-21 | 6.1 Medium |
| osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. | ||||
| CVE-2020-24912 | 1 Qcubed | 1 Qcubed | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. | ||||
| CVE-2020-24903 | 1 Cutesoft | 1 Cute Editor | 2024-11-21 | 6.1 Medium |
| Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2020-24902 | 1 Quixplorer Project | 1 Quixplorer | 2024-11-21 | 4.7 Medium |
| Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2020-24900 | 1 Krpano | 1 Krpano | 2024-11-21 | 6.1 Medium |
| The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml. | ||||
| CVE-2020-24897 | 1 Stiltsoft | 1 Table Filter And Charts For Confluence Server | 2024-11-21 | 8.9 High |
| The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro. | ||||
| CVE-2020-24876 | 1 Pancakeapp | 1 Pancake | 2024-11-21 | 9.8 Critical |
| Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation. | ||||
| CVE-2020-24872 | 1 Lepton-cms | 1 Leptoncms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-24861 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 5.4 Medium |
| GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page | ||||
| CVE-2020-24860 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. | ||||
| CVE-2020-24842 | 1 Sdgc | 1 Pnpscada | 2024-11-21 | 6.1 Medium |
| PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser. | ||||
| CVE-2020-24712 | 1 Getgophish | 1 Gophish | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page. | ||||
| CVE-2020-24709 | 1 Getgophish | 1 Gophish | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template. | ||||
| CVE-2020-24708 | 1 Getgophish | 1 Gophish | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form. | ||||
| CVE-2020-24706 | 1 Wso2 | 6 Api Manager, Api Manager Analytics, Identity Server and 3 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | ||||
| CVE-2020-24704 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | ||||
| CVE-2020-24701 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). | ||||
| CVE-2020-24699 | 1 Chamber Dashboard Business Directory Project | 1 Chamber Dashboard Business Directory | 2024-11-21 | 6.1 Medium |
| The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. | ||||