Vulnerabilities (CVE)

Filtered by CWE-79
Total 37101 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35419 1 Group-office 1 Group Office 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
CVE-2020-35418 1 Group-office 1 Group Office 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
CVE-2020-35416 1 Onlineonly 1 Phpjabbers Appointment Scheduler 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.
CVE-2020-35396 1 Egavilanmedia 1 Barcodes Generator 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website.
CVE-2020-35395 1 Egavilanmedia 1 Expense Management System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field
CVE-2020-35373 1 Fiyo 1 Fiyo Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.
CVE-2020-35349 1 Techkshetrainfo 1 Savsoft Quiz 2024-11-21 3.5 LOW 4.8 MEDIUM
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).
CVE-2020-35346 1 Cxuu 1 Cxuucms 2024-11-21 3.5 LOW 4.8 MEDIUM
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.
CVE-2020-35328 1 Courier Management System Project 1 Courier Management System 2024-11-21 3.5 LOW 5.4 MEDIUM
Courier Management System 1.0 - 'First Name' Stored XSS
CVE-2020-35309 1 Bakeshop Online Ordering System Project 1 Bakeshop Online Ordering System 2024-11-21 3.5 LOW 4.8 MEDIUM
Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories".
CVE-2020-35305 1 Gollum Project 1 Gollum 2024-11-21 N/A 6.1 MEDIUM
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.
CVE-2020-35275 1 Coastercms 1 Coastercms 2024-11-21 3.5 LOW 5.4 MEDIUM
Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application.
CVE-2020-35274 1 Dotcms 1 Dotcms 2024-11-21 3.5 LOW 4.8 MEDIUM
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.
CVE-2020-35272 1 Employee Performance Evaluation System Project 1 Employee Performance Evaluation System 2024-11-21 3.5 LOW 4.8 MEDIUM
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
CVE-2020-35271 1 Employee Performance Evaluation System Project 1 Employee Performance Evaluation System 2024-11-21 3.5 LOW 4.8 MEDIUM
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.
CVE-2020-35262 1 Digisol 2 Dg-hr3400, Dg-hr3400 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter.
CVE-2020-35261 1 Multi Restaurant Table Reservation System Project 1 Multi Restaurant Table Reservation System 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
CVE-2020-35252 1 Egavilanmedia 1 User Registration And Login System With Admin Panel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
CVE-2020-35249 1 Elkarbackup 1 Elkarbackup 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature.
CVE-2020-35240 1 Fluxbb 1 Fluxbb 2024-11-21 3.5 LOW 4.8 MEDIUM
FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.