Export limit exceeded: 345307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45483 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45483 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23048 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.1 Medium |
| SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. | ||||
| CVE-2020-23047 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 6.1 Medium |
| Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. | ||||
| CVE-2020-23046 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. | ||||
| CVE-2020-23044 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | ||||
| CVE-2020-23042 | 1 Dropouts | 1 Super Backup | 2024-11-21 | 6.1 Medium |
| Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. | ||||
| CVE-2020-23041 | 1 Dropouts | 1 Air Share | 2024-11-21 | 6.1 Medium |
| Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. | ||||
| CVE-2020-23039 | 1 Newsoftwares | 1 Folder Lock | 2024-11-21 | 5.4 Medium |
| Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name. | ||||
| CVE-2020-23014 | 1 Apfell Project | 1 Apfell | 2024-11-21 | 5.4 Medium |
| APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel. | ||||
| CVE-2020-22987 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. | ||||
| CVE-2020-22986 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. | ||||
| CVE-2020-22985 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. | ||||
| CVE-2020-22984 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task. | ||||
| CVE-2020-22864 | 1 Froala | 1 Froala Editor | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-22842 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | ||||
| CVE-2020-22841 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 4.8 Medium |
| Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. | ||||
| CVE-2020-22839 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. | ||||
| CVE-2020-22808 | 1 Fecmall Project | 1 Fecmall | 2024-11-21 | 6.1 Medium |
| An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page. | ||||
| CVE-2020-22790 | 1 Safe | 1 Fme Server | 2024-11-21 | 5.4 Medium |
| Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs. | ||||
| CVE-2020-22789 | 1 Safe | 1 Fme Server | 2024-11-21 | 6.1 Medium |
| Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs. | ||||
| CVE-2020-22765 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. | ||||