Total
37387 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25118 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. | |||||
CVE-2020-25117 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. | |||||
CVE-2020-25116 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. | |||||
CVE-2020-25115 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. | |||||
CVE-2020-25104 | 1 Eramba | 1 Eramba | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension. | |||||
CVE-2020-25102 | 1 Advanced Reports Project | 1 Advanced Reports | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter. | |||||
CVE-2020-25093 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php, within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel. | |||||
CVE-2020-25092 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. | |||||
CVE-2020-25091 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. | |||||
CVE-2020-25090 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. | |||||
CVE-2020-25089 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. | |||||
CVE-2020-25088 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. | |||||
CVE-2020-25087 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. | |||||
CVE-2020-25086 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. | |||||
CVE-2020-25071 | 1 Niftypm | 1 Nifty | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. "The original issue was that the task would be created and an alert would be shown on the screen. Now the task would be created, but the alert won't be executed as those attributes are now stripped." | |||||
CVE-2020-25033 | 1 Blubrry | 1 Subscribe Sidebar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. | |||||
CVE-2020-24993 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module. | |||||
CVE-2020-24992 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module. | |||||
CVE-2020-24963 | 1 Appsbd | 1 Best Support System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. | |||||
CVE-2020-24924 | 1 Elkarbackup | 1 Elkarbackup | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter. | |||||