Search Results (44552 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27741 | 1 Citadel | 1 Webcit | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. | ||||
| CVE-2020-27735 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. | ||||
| CVE-2020-27726 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.1 Medium |
| In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | ||||
| CVE-2020-27719 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 6.1 Medium |
| On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | ||||
| CVE-2020-27691 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2024-11-21 | 6.1 Medium |
| The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. | ||||
| CVE-2020-27689 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2024-11-21 | 9.8 Critical |
| The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version. | ||||
| CVE-2020-27666 | 1 Strapi | 1 Strapi | 2024-11-21 | 5.4 Medium |
| Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | ||||
| CVE-2020-27659 | 1 Synology | 1 Safeaccess | 2024-11-21 | 8.4 High |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. | ||||
| CVE-2020-27642 | 1 Bigbluebutton | 1 Greenlight | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. | ||||
| CVE-2020-27620 | 1 Mediawiki | 1 Skin\ | 2024-11-21 | 6.1 Medium |
| The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups. | ||||
| CVE-2020-27608 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 6.1 Medium |
| In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. | ||||
| CVE-2020-27576 | 1 Maxum | 1 Rumpus | 2024-11-21 | 5.4 Medium |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-27533 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | ||||
| CVE-2020-27515 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. | ||||
| CVE-2020-27509 | 1 Galaxkey | 1 Galaxkey | 2024-11-21 | 5.4 Medium |
| Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox. | ||||
| CVE-2020-27478 | 1 Simplcommerce | 1 Simplcommerce | 2024-11-21 | 7.1 High |
| Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature. | ||||
| CVE-2020-27459 | 1 Chronoengine | 1 Chronoforums | 2024-11-21 | 6.1 Medium |
| Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed. | ||||
| CVE-2020-27449 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | ||||
| CVE-2020-27428 | 1 Mit | 1 Scratch-svg-renderer | 2024-11-21 | 6.1 Medium |
| A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. | ||||
| CVE-2020-27409 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. | ||||