Search

Search Results (362450 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-25445 1 Bookingcore 1 Booking Core 2024-11-21 7.8 High
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.
CVE-2020-25444 1 Bookingcore 1 Booking Core 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself” section under the “My Profile” page, " (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section.
CVE-2020-25427 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.
CVE-2020-25422 1 Mara Cms Project 1 Mara Cms 2024-11-21 5.4 Medium
A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-25414 1 Monstra 1 Monstra 2024-11-21 9.8 Critical
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code.
CVE-2020-25411 1 Online Examination System Project 1 Online Examination System 2024-11-21 6.5 Medium
Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user.
CVE-2020-25409 1 College Management System Project 1 College Management System 2024-11-21 9.8 Critical
Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters.
CVE-2020-25408 1 College Management System Project 1 College Management System 2024-11-21 6.5 Medium
A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data.
CVE-2020-25406 1 Lemocms 1 Lemocms 2024-11-21 7.3 High
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.
CVE-2020-25400 1 Taskcafe Project 1 Taskcafe 2024-11-21 7.5 High
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token.
CVE-2020-25399 1 Mind 1 Imind Server 2024-11-21 7.8 High
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.
CVE-2020-25398 1 Mind 1 Imind Server 2024-11-21 8.8 High
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.
CVE-2020-25394 1 Mozilo 1 Mozilocms 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter.
CVE-2020-25392 1 Cszcms 1 Csz Cms 2024-11-21 5.4 Medium
A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.
CVE-2020-25391 1 Cszcms 1 Csz Cms 2024-11-21 5.4 Medium
A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.
CVE-2020-25385 1 Nagios 1 Log Server 2024-11-21 6.1 Medium
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.
CVE-2020-25380 1 Recall-products Project 1 Recall-products 2024-11-21 5.4 Medium
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed.
CVE-2020-25379 1 Recall-products Project 1 Recall-products 2024-11-21 8.8 High
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.
CVE-2020-25378 1 Accesspressthemes 1 Wp Floating Menu 2024-11-21 6.1 Medium
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
CVE-2020-25375 1 Softrade 1 Wp Smart Crm \& Invoices 2024-11-21 5.4 Medium
Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field.