Total
37076 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25380 | 1 Recall-products Project | 1 Recall-products | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. | |||||
| CVE-2020-25378 | 1 Accesspressthemes | 1 Wp Floating Menu | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. | |||||
| CVE-2020-25375 | 1 Softrade | 1 Wp Smart Crm \& Invoices | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. | |||||
| CVE-2020-25352 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving. | |||||
| CVE-2020-25343 | 1 Getsymphony | 1 Symphony | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php | |||||
| CVE-2020-25288 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript. | |||||
| CVE-2020-25272 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. | |||||
| CVE-2020-25271 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. | |||||
| CVE-2020-25270 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | |||||
| CVE-2020-25267 | 1 Ilias | 1 Ilias | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | |||||
| CVE-2020-25205 | 1 Mimosa | 6 B5, B5 Firmware, B5c and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions. | |||||
| CVE-2020-25163 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 4.9 MEDIUM | 7.7 HIGH |
| A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions. | |||||
| CVE-2020-25158 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-11-21 | 4.3 MEDIUM | 7.6 HIGH |
| A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. | |||||
| CVE-2020-25148 | 1 Observium | 1 Observium | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php. | |||||
| CVE-2020-25146 | 1 Observium | 1 Observium | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule. | |||||
| CVE-2020-25141 | 1 Observium | 1 Observium | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI. | |||||
| CVE-2020-25140 | 1 Observium | 1 Observium | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php. | |||||
| CVE-2020-25139 | 1 Observium | 1 Observium | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php. | |||||
| CVE-2020-25138 | 1 Observium | 1 Observium | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php. | |||||
| CVE-2020-25137 | 1 Observium | 1 Observium | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI. | |||||