Search Results (83835 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-26768 1 Formstone 1 Formstone 2024-11-21 6.1 Medium
Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site once the URL is clicked or visited. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials, force malware execution, user redirection and others.
CVE-2020-26762 1 Edimax 4 Ic-3116w, Ic-3116w Firmware, Ic-3140w and 1 more 2024-11-21 9.8 Critical
A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08.
CVE-2020-26733 1 Skyworth 2 Gn542vf, Gn542vf Firmware 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section.
CVE-2020-26713 1 Vanderbilt 1 Redcap 2024-11-21 6.1 Medium
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts.
CVE-2020-26707 1 Aaptjs Project 1 Aaptjs 2024-11-21 9.8 Critical
An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter.
CVE-2020-26701 1 Kaaproject 1 Kaa 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter.
CVE-2020-26693 1 Pfsense 1 Pfsense 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
CVE-2020-26680 1 Vfairs 1 Vfairs 2024-11-21 5.4 Medium
In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to perform XSS attacks.
CVE-2020-26672 1 Testimonial Rotator Project 1 Testimonial Rotator 2024-11-21 5.4 Medium
Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the database.
CVE-2020-26670 1 Bigtreecms 1 Bigtree Cms 2024-11-21 8.8 High
A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.
CVE-2020-26669 1 Bigtreecms 1 Bigtree Cms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.
CVE-2020-26664 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2024-11-21 7.8 High
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
CVE-2020-26642 1 Seacms 1 Seacms 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
CVE-2020-26609 1 Fastadmin 1 Fastadmin 2024-11-21 5.4 Medium
fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background.
CVE-2020-26584 1 Sagedpw 1 Sage Dpw 2024-11-21 6.1 Medium
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware.
CVE-2020-26582 1 Dlink 2 Dap-1360u, Dap-1360u Firmware 2024-11-21 8.8 High
D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).
CVE-2020-26574 1 Leostream 1 Connection Broker 2024-11-21 9.6 Critical
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-26572 4 Debian, Fedoraproject, Opensc Project and 1 more 4 Debian Linux, Fedora, Opensc and 1 more 2024-11-21 5.5 Medium
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
CVE-2020-26571 4 Debian, Fedoraproject, Opensc Project and 1 more 4 Debian Linux, Fedora, Opensc and 1 more 2024-11-21 5.5 Medium
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
CVE-2020-26570 4 Debian, Fedoraproject, Opensc Project and 1 more 4 Debian Linux, Fedora, Opensc and 1 more 2024-11-21 5.5 Medium
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.