Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35373 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | |||||
| CVE-2020-35349 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). | |||||
| CVE-2020-35346 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | |||||
| CVE-2020-35328 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Courier Management System 1.0 - 'First Name' Stored XSS | |||||
| CVE-2020-35309 | 1 Bakeshop Online Ordering System Project | 1 Bakeshop Online Ordering System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories". | |||||
| CVE-2020-35305 | 1 Gollum Project | 1 Gollum | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. | |||||
| CVE-2020-35275 | 1 Coastercms | 1 Coastercms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application. | |||||
| CVE-2020-35274 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS. | |||||
| CVE-2020-35272 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields. | |||||
| CVE-2020-35271 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields. | |||||
| CVE-2020-35262 | 1 Digisol | 2 Dg-hr3400, Dg-hr3400 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter. | |||||
| CVE-2020-35261 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php. | |||||
| CVE-2020-35252 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0. | |||||
| CVE-2020-35249 | 1 Elkarbackup | 1 Elkarbackup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature. | |||||
| CVE-2020-35240 | 1 Fluxbb | 1 Fluxbb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-35228 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. | |||||
| CVE-2020-35206 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35204 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35203 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35202 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. | |||||