Search Results (83802 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-24609 1 Techkshetrainfo 1 Savsoft Quiz 2024-11-21 6.1 Medium
TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload.
CVE-2020-24604 1 Igniterealtime 1 Openfire 2024-11-21 6.1 Medium
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp
CVE-2020-24602 1 Igniterealtime 1 Openfire 2024-11-21 6.1 Medium
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page
CVE-2020-24601 1 Igniterealtime 1 Openfire 2024-11-21 6.1 Medium
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
CVE-2020-24599 1 Joomla 1 Joomla\! 2024-11-21 6.1 Medium
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.
CVE-2020-24594 1 Mitel 1 Micloud Management Portal 2024-11-21 9.6 Critical
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
CVE-2020-24590 1 Wso2 2 Api Manager, Api Microgateway 2024-11-21 9.1 Critical
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.
CVE-2020-24582 1 Zulipchat 1 Zulip Desktop 2024-11-21 6.1 Medium
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
CVE-2020-24581 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-11-21 8.0 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.
CVE-2020-24578 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-11-21 6.5 Medium
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).
CVE-2020-24574 1 Gog 1 Galaxy 2024-11-21 7.8 High
The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.
CVE-2020-24572 1 Raspap 1 Raspap 2024-11-21 8.8 High
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code).
CVE-2020-24561 1 Trendmicro 1 Serverprotect 2024-11-21 9.1 Critical
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability.
CVE-2020-24553 5 Fedoraproject, Golang, Opensuse and 2 more 6 Fedora, Go, Leap and 3 more 2024-11-21 6.1 Medium
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
CVE-2020-24552 1 Atoptechnology 14 Se5901, Se5901 Firmware, Se5901b and 11 more 2024-11-21 5.5 Medium
Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.
CVE-2020-24525 1 Intel 46 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 43 more 2024-11-21 7.8 High
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-24480 1 Intel 1 Extreme Tuning Utility 2024-11-21 4.4 Medium
Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access.
CVE-2020-24473 1 Intel 46 Baseboard Management Controller Firmware, Compute Module Hns2600bpb24r, Compute Module Hns2600bpbr and 43 more 2024-11-21 7.8 High
Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-24462 1 Intel 1 Graphics Drivers 2024-11-21 7.8 High
Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2020-24450 1 Intel 1 Graphics Drivers 2024-11-21 7.8 High
Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access.