Total
37719 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29470 | 1 Opencart | 1 Opencart | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-29469 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the crafted payload. | |||||
| CVE-2020-29456 | 1 Papermerge | 1 Papermerge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application. Therefore, no authentication is required to exploit XSS if email consumption is configured. Otherwise authentication is required. | |||||
| CVE-2020-29455 | 1 Smartystreets | 1 Liveaddressplugin.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country). | |||||
| CVE-2020-29395 | 1 Myeventon | 1 Eventon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. | |||||
| CVE-2020-29364 | 1 Netartmedia | 1 News Lister | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles. | |||||
| CVE-2020-29315 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. | |||||
| CVE-2020-29304 | 1 Directoriespro | 1 Directories Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow. | |||||
| CVE-2020-29303 | 1 Directoriespro | 1 Directories Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token. | |||||
| CVE-2020-29259 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php. | |||||
| CVE-2020-29258 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php. | |||||
| CVE-2020-29257 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php. | |||||
| CVE-2020-29250 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. | |||||
| CVE-2020-29249 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CXUUCMS V3 allows class="layui-input" XSS. | |||||
| CVE-2020-29247 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-29241 | 1 Online News Portal Project | 1 Online News Portal | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter. | |||||
| CVE-2020-29240 | 1 Lepton-cms | 1 Leptoncms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered. | |||||
| CVE-2020-29239 | 1 Janobe | 1 Online Voting System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-29233 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload. | |||||
| CVE-2020-29231 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers. | |||||