Total
37016 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-19286 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. | |||||
CVE-2020-19285 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. | |||||
CVE-2020-19284 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. | |||||
CVE-2020-19283 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2020-19282 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. | |||||
CVE-2020-19281 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. | |||||
CVE-2020-19274 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2020-19266 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2020-19265 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2020-19204 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user to execute Stored Cross-site Scripting in the Routing Table Entries. | |||||
CVE-2020-19203 | 1 Netgate | 1 Pfsense | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS. | |||||
CVE-2020-19202 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page. | |||||
CVE-2020-19201 | 1 Netgate | 1 Pfsense | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules. | |||||
CVE-2020-19158 | 1 S-cms | 1 S-cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. | |||||
CVE-2020-19157 | 1 Wenkucms Project | 1 Wenkucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'. | |||||
CVE-2020-19156 | 1 Ari-soft | 1 Ari Adminer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called. | |||||
CVE-2020-19148 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'. | |||||
CVE-2020-19118 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | |||||
CVE-2020-19049 | 1 Mybb | 1 Mybb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. | |||||
CVE-2020-19048 | 1 Mybb | 1 Mybb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. |