Total
37716 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28141 | 1 Online Discussion Forum Project | 1 Online Discussion Forum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page. | |||||
| CVE-2020-28139 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php. | |||||
| CVE-2020-28129 | 1 Adrianmercurio | 1 Gym Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'. | |||||
| CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | |||||
| CVE-2020-28119 | 1 53kf | 1 53kf | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window. | |||||
| CVE-2020-28092 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id= | |||||
| CVE-2020-28071 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS payload in the description textarea called 'about' and reach a stored XSS. | |||||
| CVE-2020-28047 | 1 Web-audimex | 1 Audimexee | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage. | |||||
| CVE-2020-28038 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.5.2 allows stored XSS via post slugs. | |||||
| CVE-2020-28034 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.5.2 allows XSS associated with global variables. | |||||
| CVE-2020-28001 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | |||||
| CVE-2020-27991 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | |||||
| CVE-2020-27990 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | |||||
| CVE-2020-27989 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | |||||
| CVE-2020-27988 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | |||||
| CVE-2020-27982 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp 11.4.5.0 allows XSS via the language parameter. | |||||
| CVE-2020-27980 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. | |||||
| CVE-2020-27974 | 1 Quadient | 1 Mail Accounting | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS. | |||||
| CVE-2020-27957 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension. | |||||
| CVE-2020-27885 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access. | |||||