Search Results (44574 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35438 | 1 Kamalkhan | 1 Kk Star Ratings | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5. | ||||
| CVE-2020-35437 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.1 Medium |
| Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. | ||||
| CVE-2020-35419 | 1 Group-office | 1 Group Office | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. | ||||
| CVE-2020-35418 | 1 Group-office | 1 Group Office | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. | ||||
| CVE-2020-35416 | 1 Onlineonly | 1 Phpjabbers Appointment Scheduler | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allow remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2020-35396 | 1 Egavilanmedia | 1 Barcodes Generator | 2024-11-21 | 6.1 Medium |
| EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An attacker is able to inject the XSS payload in the web application each time a user visits the website. | ||||
| CVE-2020-35395 | 1 Egavilanmedia | 1 Expense Management System | 2024-11-21 | 6.1 Medium |
| XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field. | ||||
| CVE-2020-35373 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 6.1 Medium |
| In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | ||||
| CVE-2020-35349 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 4.8 Medium |
| Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). | ||||
| CVE-2020-35346 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 4.8 Medium |
| CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | ||||
| CVE-2020-35338 | 1 Mobileviewpoint | 1 Wireless Multiplex Terminal Playout Server | 2024-11-21 | 9.8 Critical |
| The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon." | ||||
| CVE-2020-35328 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 5.4 Medium |
| Courier Management System 1.0 - 'First Name' Stored XSS | ||||
| CVE-2020-35309 | 1 Bakeshop Online Ordering System Project | 1 Bakeshop Online Ordering System | 2024-11-21 | 4.8 Medium |
| Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories". | ||||
| CVE-2020-35305 | 1 Gollum Project | 1 Gollum | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. | ||||
| CVE-2020-35296 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 7.5 High |
| ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access. | ||||
| CVE-2020-35275 | 1 Coastercms | 1 Coastercms | 2024-11-21 | 5.4 Medium |
| Coastercms v5.8.18 is affected by cross-site scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is triggered on the main home page of the product/application. | ||||
| CVE-2020-35274 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.8 Medium |
| DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and steal cookies using XSS. | ||||
| CVE-2020-35272 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2024-11-21 | 4.8 Medium |
| Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields. | ||||
| CVE-2020-35271 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2024-11-21 | 4.8 Medium |
| Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields. | ||||
| CVE-2020-35262 | 1 Digisol | 2 Dg-hr3400, Dg-hr3400 Firmware | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter. | ||||