Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24390 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | |||||
| CVE-2020-24353 | 1 Pega | 1 Pega Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. | |||||
| CVE-2020-24316 | 1 Admin Menu Project | 1 Admin Menu | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2020-24314 | 1 Rss Feed Widget Project | 1 Rss Feed Widget | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2020-24313 | 1 Etoilewebdesign | 1 Ultimate Appointment Booking \& Scheduling | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2020-24303 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | |||||
| CVE-2020-24301 | 1 Hapifhir | 1 Testpage Overlay | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes. | |||||
| CVE-2020-24223 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | |||||
| CVE-2020-24198 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | |||||
| CVE-2020-24194 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | |||||
| CVE-2020-24188 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | |||||
| CVE-2020-24145 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. | |||||
| CVE-2020-24138 | 1 Wcms | 1 Wcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. | |||||
| CVE-2020-24135 | 1 Wcms | 1 Wcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. | |||||
| CVE-2020-24104 | 1 Pix-link | 2 Lv-wr07, Lv-wr07 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter. | |||||
| CVE-2020-24085 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code. | |||||
| CVE-2020-24075 | 1 Laborator | 1 Kalium | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-24026 | 1 Tinyshop Project | 1 Tinyshop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure. | |||||
| CVE-2020-23992 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | |||||
| CVE-2020-23989 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C allows pwsec.php oid XSS. | |||||