Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36526 | 1 Akeles | 1 Countdown Timer | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36525 | 1 Servicerocket | 1 Linking | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36524 | 1 Refined | 1 Refined Toolkit | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36523 | 1 Avono | 1 Plantuml | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36510 | 1 Codetipi | 1 15zine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2020-36502 | 1 Swiftfiletransfer | 1 Swift File Transfer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself. | |||||
| CVE-2020-36501 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. | |||||
| CVE-2020-36499 | 1 Taotesting | 1 Tao Assessment Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value. | |||||
| CVE-2020-36498 | 1 Macrob7 Macs Framework Content Management System Project | 1 Macrob7 Macs Framework Content Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field. | |||||
| CVE-2020-36497 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters. | |||||
| CVE-2020-36496 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | |||||
| CVE-2020-36495 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters. | |||||
| CVE-2020-36494 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | |||||
| CVE-2020-36493 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | |||||
| CVE-2020-36492 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | |||||
| CVE-2020-36491 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | |||||
| CVE-2020-36490 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | |||||
| CVE-2020-36489 | 1 Dropouts | 1 Air Share | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information. | |||||
| CVE-2020-36486 | 4 Apple, Blackberry, Google and 1 more | 4 Iphone Os, Blackberry Os, Android and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling. | |||||
| CVE-2020-36416 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module. | |||||