Export limit exceeded: 44625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44625 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9008 | 1 Blackboard | 1 Blackboard Learn | 2024-11-21 | 5.4 Medium |
| Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. | ||||
| CVE-2020-9007 | 1 Codologic | 1 Codoforum | 2024-11-21 | 5.4 Medium |
| Codoforum 4.8.8 allows self-XSS via the title of a new topic. | ||||
| CVE-2020-8995 | 1 Bilanc | 1 Bilanc | 2024-11-21 | 9.8 Critical |
| Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools. | ||||
| CVE-2020-8985 | 1 Zend | 1 Zendto | 2024-11-21 | 8.8 High |
| ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | ||||
| CVE-2020-8981 | 1 Mantisbt | 1 Source Integration | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE-2018-16362. | ||||
| CVE-2020-8966 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 6.5 Medium |
| There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page. | ||||
| CVE-2020-8964 | 1 Timetoolsltd | 20 Sc7105, Sc7105 Firmware, Sc9205 and 17 more | 2024-11-21 | 9.8 Critical |
| TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie." | ||||
| CVE-2020-8960 | 1 Westerndigital | 1 Mycloud.com | 2024-11-21 | 6.1 Medium |
| Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. | ||||
| CVE-2020-8952 | 1 Fiserv | 1 Accurate Reconciliation | 2024-11-21 | 6.1 Medium |
| Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter. | ||||
| CVE-2020-8951 | 1 Fiserv | 1 Accurate Reconciliation | 2024-11-21 | 5.4 Medium |
| Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page. | ||||
| CVE-2020-8923 | 1 Dart | 1 Dart Software Development Kit | 2024-11-21 | 5.4 Medium |
| An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements. | ||||
| CVE-2020-8868 | 1 Quest | 1 Foglight Evolve | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553. | ||||
| CVE-2020-8839 | 1 Chiyu-t | 2 Bf-430, Bf-430 Firmware | 2024-11-21 | 6.1 Medium |
| Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. | ||||
| CVE-2020-8825 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 5.4 Medium |
| index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. | ||||
| CVE-2020-8824 | 1 Hitrontech | 2 Coda-4582u, Coda-4582u Firmware | 2024-11-21 | 5.4 Medium |
| Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. | ||||
| CVE-2020-8823 | 1 Sockjs Project | 1 Sockjs | 2024-11-21 | 6.1 Medium |
| htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. | ||||
| CVE-2020-8822 | 1 Digi | 4 Transport Wr21, Transport Wr21 Firmware, Transport Wr44 and 1 more | 2024-11-21 | 4.8 Medium |
| Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | ||||
| CVE-2020-8821 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users. | ||||
| CVE-2020-8820 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. | ||||
| CVE-2020-8812 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium |
| Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug. | ||||