Search Results (83912 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35937 1 Pickplugins 2 Post Grid, Team Showcase 2024-11-21 7.5 High
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
CVE-2020-35936 1 Pickplugins 2 Post Grid, Team Showcase 2024-11-21 7.5 High
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
CVE-2020-35933 1 Thenewsletterplugin 1 Newsletter 2024-11-21 6.5 Medium
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.
CVE-2020-35931 3 Apple, Foxitsoftware, Microsoft 4 Macos, Foxit Reader, Phantompdf and 1 more 2024-11-21 7.8 High
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.
CVE-2020-35930 1 Seopanel 1 Seo Panel 2024-11-21 5.4 Medium
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.
CVE-2020-35929 1 Kaspersky 1 Tinycheck 2024-11-21 9.8 Critical
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.
CVE-2020-35924 1 Try-mutex Project 1 Try-mutex 2024-11-21 5.5 Medium
An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type.
CVE-2020-35896 1 Ws-rs Project 1 Ws-rs 2024-11-21 7.5 High
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.
CVE-2020-35895 1 Stack Project 1 Stack 2024-11-21 9.8 Critical
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion.
CVE-2020-35894 1 Obstack Project 1 Obstack 2024-11-21 7.5 High
An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.
CVE-2020-35881 1 Traitobject Project 1 Traitobject 2024-11-21 9.8 Critical
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x.
CVE-2020-35876 1 Rio Project 1 Rio 2024-11-21 9.8 Critical
An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race.
CVE-2020-35859 1 Lucet-runtime-internals Project 1 Lucet-runtime-internals 2024-11-21 9.1 Critical
An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption.
CVE-2020-35858 1 Prost Project 1 Prost 2024-11-21 9.8 Critical
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM).
CVE-2020-35856 1 Solarwinds 1 Orion Platform 2024-11-21 4.8 Medium
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
CVE-2020-35854 1 Textpattern 1 Textpattern 2024-11-21 4.8 Medium
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
CVE-2020-35853 1 4homepages 1 4images 2024-11-21 4.8 Medium
4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker can be able to steal the cookie according to the crafted payload.
CVE-2020-35852 1 Getgist 1 Chatbox 2024-11-21 6.1 Medium
Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS.
CVE-2020-35851 1 Hgiga 2 Msr45 Isherlock-user, Ssr45 Isherlock-user 2024-11-21 8.1 High
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.
CVE-2020-35845 1 Faststone 1 Image Viewer 2024-11-21 7.8 High
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf.