Total
37686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21147 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering. | |||||
| CVE-2020-21146 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS. | |||||
| CVE-2020-21142 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi. | |||||
| CVE-2020-21130 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html. | |||||
| CVE-2020-21101 | 1 Screenly | 1 Screenly | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-21088 | 1 X2engine | 1 X2crm | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page" | |||||
| CVE-2020-21087 | 1 X2engine | 1 X2crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool. | |||||
| CVE-2020-21082 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names. | |||||
| CVE-2020-21054 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php. | |||||
| CVE-2020-21053 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php. | |||||
| CVE-2020-21003 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php. | |||||
| CVE-2020-20990 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter. | |||||
| CVE-2020-20988 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter. | |||||
| CVE-2020-20982 | 1 Wdja | 1 Wdja Cms | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php. | |||||
| CVE-2020-20977 | 1 Ukcms | 1 Ukcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. | |||||
| CVE-2020-20946 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add. | |||||
| CVE-2020-20908 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field. | |||||
| CVE-2020-20808 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php. | |||||
| CVE-2020-20799 | 1 Jeecms | 1 Jeecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter. | |||||
| CVE-2020-20781 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields. | |||||