Vulnerabilities (CVE)

Filtered by CWE-79
Total 37078 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25628 1 Moodle 1 Moodle 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
CVE-2020-25627 1 Moodle 1 Moodle 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.
CVE-2020-25626 3 Debian, Encode, Redhat 3 Debian Linux, Django Rest Framework, Ceph Storage 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
CVE-2020-25611 1 Mitel 1 Micollab 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information.
CVE-2020-25609 1 Mitel 1 Micollab 2024-11-21 3.5 LOW 5.4 MEDIUM
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data.
CVE-2020-25606 1 Mitel 1 Micollab 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.
CVE-2020-25516 1 Wso2 1 Enterprise Integrator 2024-11-21 3.5 LOW 5.4 MEDIUM
WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.
CVE-2020-25498 1 Beetel 2 777vr1, 777vr1 Firmware 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter.
CVE-2020-25495 1 Xinuos 1 Openserver 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected Cross-site scripting (XSS) vulnerability in Xinuos (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tags via the parameter 'section'.
CVE-2020-25491 1 6kare 1 Emakin 2024-11-21 N/A 6.1 MEDIUM
6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page.
CVE-2020-25476 1 Liferay 1 Liferay Portal 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Liferay CMS Portal versions 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload in the username, lastname or surname fields of their own profile, and the malicious payload will be injected and reflected in the calendar of the user who submitted the payload. An attacker could escalate their privileges if an admin visits the calendar that injected the payload.
CVE-2020-25474 1 Newsscriptphp 1 News Script Php Pro 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.
CVE-2020-25470 1 Antsword Project 1 Antsword 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in the cookies view, which can lead to remote code execution.
CVE-2020-25454 1 Grocy Project 1 Grocy 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe.
CVE-2020-25449 1 Arachnys 1 Cabot 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.
CVE-2020-25444 1 Bookingcore 1 Booking Core 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) “About Yourself” section under the “My Profile” page, (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section.
CVE-2020-25422 1 Mara Cms Project 1 Mara Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-25399 1 Mind 1 Imind Server 2024-11-21 6.8 MEDIUM 7.8 HIGH
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.
CVE-2020-25394 1 Mozilo 1 Mozilocms 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter.
CVE-2020-25392 1 Cszcms 1 Csz Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.