Export limit exceeded: 13887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44554 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28139 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 6.1 Medium |
| SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php. | ||||
| CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | ||||
| CVE-2020-28119 | 1 53kf | 1 53kf | 2024-11-21 | 6.1 Medium |
| Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window. | ||||
| CVE-2020-28092 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.1 Medium |
| PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id= | ||||
| CVE-2020-28071 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 4.8 Medium |
| SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS payload in the description textarea called 'about' and reach a stored XSS. | ||||
| CVE-2020-28047 | 1 Web-audimex | 1 Audimexee | 2024-11-21 | 5.4 Medium |
| AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage. | ||||
| CVE-2020-28038 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.5.2 allows stored XSS via post slugs. | ||||
| CVE-2020-28034 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.5.2 allows XSS associated with global variables. | ||||
| CVE-2020-28001 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5.4 Medium |
| SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | ||||
| CVE-2020-27991 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | ||||
| CVE-2020-27990 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | ||||
| CVE-2020-27989 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | ||||
| CVE-2020-27988 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | ||||
| CVE-2020-27982 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.1 Medium |
| IceWarp 11.4.5.0 allows XSS via the language parameter. | ||||
| CVE-2020-27980 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 5.4 Medium |
| Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. | ||||
| CVE-2020-27974 | 1 Quadient | 1 Mail Accounting | 2024-11-21 | 6.1 Medium |
| NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS. | ||||
| CVE-2020-27957 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.4 Medium |
| The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension. | ||||
| CVE-2020-27885 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access. | ||||
| CVE-2020-27852 | 1 Rocketgenius | 1 Gravityforms | 2024-11-21 | 5.4 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | ||||
| CVE-2020-27851 | 1 Rocketgenius | 1 Gravityforms | 2024-11-21 | 5.4 Medium |
| Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | ||||