Export limit exceeded: 44449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-16847 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. | ||||
| CVE-2020-16632 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. | ||||
| CVE-2020-16608 | 1 Notable | 1 Notable | 2024-11-21 | 9.6 Critical |
| Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). | ||||
| CVE-2020-16278 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. | ||||
| CVE-2020-16275 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. | ||||
| CVE-2020-16270 | 1 Olimpoks | 1 Olimpok | 2024-11-21 | 6.1 Medium |
| OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries. | ||||
| CVE-2020-16266 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 5.4 Medium |
| An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it). | ||||
| CVE-2020-16258 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.1 High |
| Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | ||||
| CVE-2020-16255 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 6.1 Medium |
| ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.' | ||||
| CVE-2020-16246 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2024-11-21 | 6.1 Medium |
| The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | ||||
| CVE-2020-16242 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2024-11-21 | 6.1 Medium |
| The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | ||||
| CVE-2020-16210 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2024-11-21 | 9.0 Critical |
| The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions). | ||||
| CVE-2020-16206 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2024-11-21 | 9.0 Critical |
| The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions). | ||||
| CVE-2020-16193 | 1 Osticket | 1 Osticket | 2024-11-21 | 5.4 Medium |
| osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. | ||||
| CVE-2020-16192 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 6.1 Medium |
| LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. | ||||
| CVE-2020-16170 | 1 Robotemi | 1 Temi | 2024-11-21 | 7.5 High |
| Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors. | ||||
| CVE-2020-16157 | 1 Nagios | 1 Log Server | 2024-11-21 | 5.4 Medium |
| A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu. | ||||
| CVE-2020-16145 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2024-11-21 | 6.1 Medium |
| Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. | ||||
| CVE-2020-16140 | 1 Thembay | 1 Greenmart | 2024-11-21 | 6.1 Medium |
| The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS. | ||||
| CVE-2020-16131 | 1 Tiki | 1 Tiki | 2024-11-21 | 6.1 Medium |
| Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. | ||||