Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25476 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected and reflected in the calendar of the user who submitted the payload. An attacker could escalate its privileges in case an admin visits the calendar that injected the payload. | |||||
| CVE-2020-25474 | 1 Newsscriptphp | 1 News Script Php Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. | |||||
| CVE-2020-25470 | 1 Antsword Project | 1 Antsword | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution. | |||||
| CVE-2020-25454 | 1 Grocy Project | 1 Grocy | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. | |||||
| CVE-2020-25449 | 1 Arachnys | 1 Cabot | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column. | |||||
| CVE-2020-25444 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself” section under the “My Profile” page, " (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section. | |||||
| CVE-2020-25422 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2020-25399 | 1 Mind | 1 Imind Server | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. | |||||
| CVE-2020-25394 | 1 Mozilo | 1 Mozilocms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. | |||||
| CVE-2020-25392 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin. | |||||
| CVE-2020-25391 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module. | |||||
| CVE-2020-25385 | 1 Nagios | 1 Log Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page. | |||||
| CVE-2020-25380 | 1 Recall-products Project | 1 Recall-products | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. | |||||
| CVE-2020-25378 | 1 Accesspressthemes | 1 Wp Floating Menu | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. | |||||
| CVE-2020-25375 | 1 Softrade | 1 Wp Smart Crm \& Invoices | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. | |||||
| CVE-2020-25352 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving. | |||||
| CVE-2020-25343 | 1 Getsymphony | 1 Symphony | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php | |||||
| CVE-2020-25288 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript. | |||||
| CVE-2020-25272 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. | |||||
| CVE-2020-25271 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. | |||||