Search Results (331932 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-23058 1 File Explorer Project 1 File Explorer 2024-11-21 4.6 Medium
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data.
CVE-2020-23055 1 Lancom-systems 3 Lcos, Wlc-1000, Wlc-4006 2024-11-21 5.4 Medium
ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters.
CVE-2020-23054 1 User-agent Switcher And Manager Project 1 User-agent Switcher And Manager 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field.
CVE-2020-23052 1 Catalyst 1 Mahara 2024-11-21 5.4 Medium
Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
CVE-2020-23051 1 User Registration \& Login And User Management System With Admin Panel Project 1 User Registration \& Login And User Management System With Admin Panel 2024-11-21 6.1 Medium
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields.
CVE-2020-23050 1 Taotesting 1 Tao Assessment Platform 2024-11-21 8.0 High
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.
CVE-2020-23049 1 Fork-cms 1 Fork Cms 2024-11-21 5.4 Medium
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-23048 1 Seeddms 1 Seeddms 2024-11-21 6.1 Medium
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
CVE-2020-23047 1 Macs Cms Project 1 Macs Cms 2024-11-21 6.1 Medium
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.
CVE-2020-23046 1 Dedecms 1 Dedecms 2024-11-21 6.1 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVE-2020-23045 1 Macs Cms Project 1 Macs Cms 2024-11-21 7.2 High
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules.
CVE-2020-23044 1 Dedecms 1 Dedecms 2024-11-21 5.4 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
CVE-2020-23043 1 Air Sender Project 1 Air Sender 2024-11-21 8.8 High
Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.
CVE-2020-23042 1 Dropouts 1 Super Backup 2024-11-21 6.1 Medium
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
CVE-2020-23041 1 Dropouts 1 Air Share 2024-11-21 6.1 Medium
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
CVE-2020-23040 1 Sky File Project 1 Sky File 2024-11-21 7.5 High
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.
CVE-2020-23039 1 Newsoftwares 1 Folder Lock 2024-11-21 5.4 Medium
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.
CVE-2020-23038 1 Kumilabs 1 Swift File Transfer 2024-11-21 7.5 High
Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables.
CVE-2020-23037 1 Portable 1 Playable 2024-11-21 9.8 Critical
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
CVE-2020-23036 1 Medianavi 1 Smacom 2024-11-21 5.9 Medium
MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack.