Export limit exceeded: 339428 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339428 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44413 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12071 | 1 Anchorcms | 1 Anchor | 2024-11-21 | 4.8 Medium |
| Anchor 0.12.7 allows admins to cause XSS via crafted post content. | ||||
| CVE-2020-12058 | 1 Oscommerce | 1 Ce Phoenix | 2024-11-21 | 6.1 Medium |
| Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php. | ||||
| CVE-2020-12054 | 1 Catchplugins | 1 Catch Breadcrumb | 2024-11-21 | 6.1 Medium |
| The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. | ||||
| CVE-2020-12052 | 2 Grafana, Redhat | 4 Grafana, Enterprise Linux, Openshift and 1 more | 2024-11-21 | 6.1 Medium |
| Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | ||||
| CVE-2020-12047 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-11-21 | 9.8 Critical |
| The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials. | ||||
| CVE-2020-12045 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-11-21 | 9.8 Critical |
| The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials. | ||||
| CVE-2020-12039 | 1 Baxter | 2 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware | 2024-11-21 | 2.4 Low |
| Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed. | ||||
| CVE-2020-12035 | 1 Baxter | 4 Prismaflex, Prismaflex Firmware, Prismax and 1 more | 2024-11-21 | 4.9 Medium |
| Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration. | ||||
| CVE-2020-12021 | 1 Osisoft | 1 Pi Web Api | 2024-11-21 | 9.0 Critical |
| In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-12016 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2024-11-21 | 9.8 Critical |
| Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI. | ||||
| CVE-2020-12012 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2024-11-21 | 6.1 Medium |
| Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. | ||||
| CVE-2020-11983 | 1 Apache | 1 Airflow | 2024-11-21 | 5.4 Medium |
| An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. | ||||
| CVE-2020-11951 | 1 Rittal | 9 Cmc Iii Pu 7030.000, Cmc Iii Pu 7030.000 Firmware, Cmciii-pu-9333e0fb and 6 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account. | ||||
| CVE-2020-11944 | 1 Bitcoin-abe Project | 1 Bitcoin-abe | 2024-11-21 | 6.1 Medium |
| Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception. | ||||
| CVE-2020-11930 | 1 Gtranslate | 1 Translate Wordpress With Gtranslate | 2024-11-21 | 6.1 Medium |
| The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. | ||||
| CVE-2020-11888 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-11-21 | 6.1 Medium |
| python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute. | ||||
| CVE-2020-11887 | 1 Svg2png Project | 1 Svg2png | 2024-11-21 | 6.1 Medium |
| svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document. | ||||
| CVE-2020-11878 | 1 Jitsi | 1 Meet | 2024-11-21 | 9.8 Critical |
| The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. | ||||
| CVE-2020-11860 | 1 Microfocus | 1 Arcsight Logger | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS) | ||||
| CVE-2020-11857 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-11-21 | 9.8 Critical |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user | ||||