Export limit exceeded: 45468 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45468 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13893 | 1 Sage | 1 Easypay | 2024-11-21 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E). | ||||
| CVE-2020-13892 | 1 Themeboy | 1 Sportspress | 2024-11-21 | 5.4 Medium |
| The SportsPress plugin before 2.7.2 for WordPress allows XSS. | ||||
| CVE-2020-13890 | 1 Laborator | 1 Neon | 2024-11-21 | 5.4 Medium |
| The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. | ||||
| CVE-2020-13889 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium |
| showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | ||||
| CVE-2020-13888 | 1 Kordil Edms Project | 1 Kordil Edms | 2024-11-21 | 5.4 Medium |
| Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. | ||||
| CVE-2020-13870 | 1 Verbb | 1 Comments | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. | ||||
| CVE-2020-13869 | 1 Verbb | 1 Comments | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. | ||||
| CVE-2020-13865 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 5.4 Medium |
| The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. | ||||
| CVE-2020-13864 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 5.4 Medium |
| The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. | ||||
| CVE-2020-13858 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations. | ||||
| CVE-2020-13853 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | ||||
| CVE-2020-13828 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. | ||||
| CVE-2020-13827 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.1 Medium |
| phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | ||||
| CVE-2020-13825 | 1 I-doit | 1 I-doit | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter. | ||||
| CVE-2020-13821 | 1 Hivemq | 1 Broker Control Center | 2024-11-21 | 5.4 Medium |
| An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker. | ||||
| CVE-2020-13820 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | ||||
| CVE-2020-13819 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | ||||
| CVE-2020-13804 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. | ||||
| CVE-2020-13798 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. | ||||
| CVE-2020-13797 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. | ||||