Vulnerabilities (CVE)

Filtered by CWE-79
Total 37684 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-19884 1 Dbhcms Project 1 Dbhcms 2024-11-21 3.5 LOW 4.8 MEDIUM
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119.
CVE-2020-19883 1 Dbhcms Project 1 Dbhcms 2024-11-21 3.5 LOW 4.8 MEDIUM
DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
CVE-2020-19882 1 Dbhcms Project 1 Dbhcms 2024-11-21 3.5 LOW 4.8 MEDIUM
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
CVE-2020-19881 1 Dbhcms Project 1 Dbhcms 2024-11-21 3.5 LOW 4.8 MEDIUM
DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
CVE-2020-19880 1 Dbhcms Project 1 Dbhcms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users.
CVE-2020-19879 1 Dbhcms Project 1 Dbhcms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,
CVE-2020-19855 1 Phpwcms 1 Phpwcms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
CVE-2020-19762 1 Carrier 1 Webctrl System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.
CVE-2020-19709 1 Feehi 1 Feehicms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload.
CVE-2020-19704 1 Spring-boot-admin Project 1 Spring-boot-admin 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19703 1 Dzzoffice 1 Dzzoffice 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-19683 1 Zzzcms 1 Zzzcms 2024-11-21 3.5 LOW 5.4 MEDIUM
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.
CVE-2020-19643 1 Insma 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page.
CVE-2020-19626 1 Craftcms 1 Craft Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
CVE-2020-19619 1 Mblog Project 1 Mblog 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVE-2020-19618 1 Mblog Project 1 Mblog 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVE-2020-19617 1 Mblog Project 1 Mblog 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
CVE-2020-19616 1 Mblog Project 1 Mblog 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
CVE-2020-19611 1 Racktables Project 1 Racktables 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
CVE-2020-19587 1 Idera 1 Yellowfin Business Intelligence 2024-11-21 N/A 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.