Total
37101 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35419 | 1 Group-office | 1 Group Office | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. | |||||
CVE-2020-35418 | 1 Group-office | 1 Group Office | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. | |||||
CVE-2020-35416 | 1 Onlineonly | 1 Phpjabbers Appointment Scheduler | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2020-35396 | 1 Egavilanmedia | 1 Barcodes Generator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website. | |||||
CVE-2020-35395 | 1 Egavilanmedia | 1 Expense Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field | |||||
CVE-2020-35373 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | |||||
CVE-2020-35349 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). | |||||
CVE-2020-35346 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | |||||
CVE-2020-35328 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Courier Management System 1.0 - 'First Name' Stored XSS | |||||
CVE-2020-35309 | 1 Bakeshop Online Ordering System Project | 1 Bakeshop Online Ordering System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories". | |||||
CVE-2020-35305 | 1 Gollum Project | 1 Gollum | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. | |||||
CVE-2020-35275 | 1 Coastercms | 1 Coastercms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application. | |||||
CVE-2020-35274 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS. | |||||
CVE-2020-35272 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields. | |||||
CVE-2020-35271 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields. | |||||
CVE-2020-35262 | 1 Digisol | 2 Dg-hr3400, Dg-hr3400 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter. | |||||
CVE-2020-35261 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php. | |||||
CVE-2020-35252 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0. | |||||
CVE-2020-35249 | 1 Elkarbackup | 1 Elkarbackup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature. | |||||
CVE-2020-35240 | 1 Fluxbb | 1 Fluxbb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. |