Vulnerabilities (CVE)

Filtered by CWE-79
Total 37089 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-29539 1 Systransoft 1 Pure Neural Server 2024-11-21 3.5 LOW 5.4 MEDIUM
A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site.
CVE-2020-29535 1 Rsa 1 Archer 2024-11-21 3.5 LOW 5.3 MEDIUM
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
CVE-2020-29497 1 Dell 1 Wyse Management Suite 2024-11-21 3.5 LOW 5.4 MEDIUM
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
CVE-2020-29496 1 Dell 1 Wyse Management Suite 2024-11-21 3.5 LOW 4.8 MEDIUM
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
CVE-2020-29477 1 Invisioncommunity 1 Community 2024-11-21 3.5 LOW 4.8 MEDIUM
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
CVE-2020-29475 1 Nopcommerce 1 Store 2024-11-21 3.5 LOW 4.8 MEDIUM
nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
CVE-2020-29471 1 Opencart 1 Opencart 2024-11-21 3.5 LOW 4.8 MEDIUM
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.
CVE-2020-29470 1 Opencart 1 Opencart 2024-11-21 3.5 LOW 4.8 MEDIUM
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
CVE-2020-29469 1 Wondercms 1 Wondercms 2024-11-21 3.5 LOW 5.4 MEDIUM
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the crafted payload.
CVE-2020-29456 1 Papermerge 1 Papermerge 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application. Therefore, no authentication is required to exploit XSS if email consumption is configured. Otherwise authentication is required.
CVE-2020-29455 1 Smartystreets 1 Liveaddressplugin.js 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).
CVE-2020-29395 1 Myeventon 1 Eventon 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
CVE-2020-29364 1 Netartmedia 1 News Lister 2024-11-21 3.5 LOW 4.8 MEDIUM
In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles.
CVE-2020-29315 1 Thinkadmin 1 Thinkadmin 2024-11-21 4.3 MEDIUM 5.4 MEDIUM
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.
CVE-2020-29304 1 Directoriespro 1 Directories Pro 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow.
CVE-2020-29303 1 Directoriespro 1 Directories Pro 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token.
CVE-2020-29259 1 Online Examination System Project 1 Online Examination System 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php.
CVE-2020-29258 1 Online Examination System Project 1 Online Examination System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php.
CVE-2020-29257 1 Online Examination System Project 1 Online Examination System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php.
CVE-2020-29250 1 Cxuu 1 Cxuucms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.