Export limit exceeded: 339468 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44418 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13865 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 5.4 Medium |
| The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. | ||||
| CVE-2020-13864 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 5.4 Medium |
| The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. | ||||
| CVE-2020-13858 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations. | ||||
| CVE-2020-13853 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | ||||
| CVE-2020-13828 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. | ||||
| CVE-2020-13827 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.1 Medium |
| phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | ||||
| CVE-2020-13825 | 1 I-doit | 1 I-doit | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter. | ||||
| CVE-2020-13821 | 1 Hivemq | 1 Broker Control Center | 2024-11-21 | 5.4 Medium |
| An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker. | ||||
| CVE-2020-13820 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | ||||
| CVE-2020-13819 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | ||||
| CVE-2020-13804 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. | ||||
| CVE-2020-13798 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. | ||||
| CVE-2020-13797 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. | ||||
| CVE-2020-13796 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php. | ||||
| CVE-2020-13793 | 1 Ivanti | 1 Dsm Netinst | 2024-11-21 | 9.8 Critical |
| Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | ||||
| CVE-2020-13773 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 5.4 Medium |
| Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. | ||||
| CVE-2020-13762 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. | ||||
| CVE-2020-13761 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. | ||||
| CVE-2020-13758 | 1 Bitrix | 1 Bitrix24 | 2024-11-21 | 6.1 Medium |
| modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload. | ||||
| CVE-2020-13697 | 1 Nanohttpd | 1 Nanohttpd | 2024-11-21 | 6.1 Medium |
| An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization. | ||||