Search Results (83808 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-25120 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
CVE-2020-25119 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
CVE-2020-25118 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
CVE-2020-25117 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
CVE-2020-25116 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
CVE-2020-25115 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
CVE-2020-25112 1 Contiki-os 1 Contiki-os 2024-11-21 9.8 Critical
An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.
CVE-2020-25111 1 Contiki-os 1 Contiki-os 2024-11-21 9.8 Critical
An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.
CVE-2020-25108 1 Ethernut 1 Nut\/os 2024-11-21 9.8 Critical
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remote Code Execution.
CVE-2020-25104 1 Eramba 1 Eramba 2024-11-21 5.4 Medium
eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension.
CVE-2020-25102 1 Advanced Reports Project 1 Advanced Reports 2024-11-21 6.1 Medium
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter.
CVE-2020-25094 1 Logrhythm 1 Platform Manager 2024-11-21 9.8 Critical
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges.
CVE-2020-25093 1 Ecommerce-codeigniter-bootstrap Project 1 Ecommerce-codeigniter-bootstrap 2024-11-21 6.1 Medium
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php. within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel.
CVE-2020-25092 1 Ecommerce-codeigniter-bootstrap Project 1 Ecommerce-codeigniter-bootstrap 2024-11-21 6.1 Medium
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel.
CVE-2020-25091 1 Ecommerce-codeigniter-bootstrap Project 1 Ecommerce-codeigniter-bootstrap 2024-11-21 6.1 Medium
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php.
CVE-2020-25090 1 Ecommerce-codeigniter-bootstrap Project 1 Ecommerce-codeigniter-bootstrap 2024-11-21 6.1 Medium
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php.
CVE-2020-25089 1 Ecommerce-codeigniter-bootstrap Project 1 Ecommerce-codeigniter-bootstrap 2024-11-21 6.1 Medium
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php.
CVE-2020-25088 1 Ecommerce-codeigniter-bootstrap Project 1 Ecommerce-codeigniter-bootstrap 2024-11-21 6.1 Medium
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php.
CVE-2020-25087 1 Ecommerce-codeigniter-bootstrap Project 1 Ecommerce-codeigniter-bootstrap 2024-11-21 6.1 Medium
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php.
CVE-2020-25086 1 Ecommerce-codeigniter-bootstrap Project 1 Ecommerce-codeigniter-bootstrap 2024-11-21 6.1 Medium
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php.