Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26153 | 1 Eventespresso | 1 Event Espresso | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2020-26135 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. | |||||
| CVE-2020-26134 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. | |||||
| CVE-2020-26120 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM. | |||||
| CVE-2020-26115 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). | |||||
| CVE-2020-26114 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). | |||||
| CVE-2020-26113 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). | |||||
| CVE-2020-26111 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). | |||||
| CVE-2020-26110 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). | |||||
| CVE-2020-26083 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | |||||
| CVE-2020-26052 | 1 Phpgurukul | 1 Online Marriage Registration System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters. | |||||
| CVE-2020-26049 | 1 Niftypm | 1 Nifty-pm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution. | |||||
| CVE-2020-26046 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors. | |||||
| CVE-2020-26043 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php | |||||
| CVE-2020-26035 | 1 Zammad | 1 Zammad | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket. | |||||
| CVE-2020-26006 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php. | |||||
| CVE-2020-25955 | 1 Student Management System Project In Php Project | 1 Student Management System Project In Php | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab. | |||||
| CVE-2020-25925 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | |||||
| CVE-2020-25915 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. | |||||
| CVE-2020-25902 | 1 Blackboard | 1 Collaborate Ultra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research | |||||