CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44464 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-23240	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
CVE-2020-23239	1 Textpattern	1 Textpattern	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
CVE-2020-23238	1 Evo	1 Evolution Cms	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
CVE-2020-23234	1 Lavalite	1 Lavalite	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
CVE-2020-23226	2 Cacti, Debian	2 Cacti, Debian Linux	2024-11-21	6.1 Medium
Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.
CVE-2020-23217	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module.
CVE-2020-23214	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module.
CVE-2020-23209	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module.
CVE-2020-23208	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
CVE-2020-23207	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module.
CVE-2020-23205	1 Monstra	1 Monstra Cms	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module.
CVE-2020-23194	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-23192	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.
CVE-2020-23190	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-23185	1 Php-fusion	1 Php-fusion	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-23184	1 Php-fusion	1 Php-fusion	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
CVE-2020-23181	1 Php-fusion	1 Php-fusion	2024-11-21	5.4 Medium
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
CVE-2020-23179	1 Php-fusion	1 Php-fusion	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.
CVE-2020-23126	1 Chamilo	1 Chamilo Lms	2024-11-21	6.1 Medium
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.
CVE-2020-23055	1 Lancom-systems	3 Lcos, Wlc-1000, Wlc-4006	2024-11-21	5.4 Medium
ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters.

« first previous Page 1853 of 2224. next last »