Search Results (83792 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-24085 1 Misp 1 Misp 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.
CVE-2020-24075 1 Laborator 1 Kalium 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.
CVE-2020-24057 1 Verint 2 S5120fd, S5120fd Firmware 2024-11-21 8.8 High
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.
CVE-2020-24056 1 Verint 6 4320, 4320 Firmware, 5620ptz and 3 more 2024-11-21 7.5 High
A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.
CVE-2020-24055 1 Verint 4 4320, 4320 Firmware, 5620ptz and 1 more 2024-11-21 9.8 Critical
Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication.
CVE-2020-24054 1 Moog 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more 2024-11-21 9.8 Critical
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units.
CVE-2020-24053 1 Moog 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more 2024-11-21 7.5 High
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.
CVE-2020-24032 1 Xorux 2 Lpar2rrd, Stor2rrd 2024-11-21 9.8 Critical
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.
CVE-2020-24027 1 Live555 1 Liblivemedia 2024-11-21 9.8 Critical
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.
CVE-2020-24026 1 Tinyshop Project 1 Tinyshop 2024-11-21 6.1 Medium
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure.
CVE-2020-23992 1 Nagios 1 Nagios Xi 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.
CVE-2020-23989 1 Nedi 1 Nedi 2024-11-21 5.4 Medium
NeDi 1.9C allows pwsec.php oid XSS.
CVE-2020-23986 1 Github Readme Stats Project 1 Github Readme Stats 2024-11-21 6.1 Medium
Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError.
CVE-2020-23984 1 Online Hotel Booking System Pro Project 1 Online Hotel Booking System Pro 2024-11-21 5.4 Medium
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.
CVE-2020-23983 1 Ichat Project 1 Ichat 2024-11-21 5.4 Medium
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags.
CVE-2020-23982 1 Designmasterevents 1 Conference Management Cms 2024-11-21 6.1 Medium
DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php'
CVE-2020-23981 1 13enforme 1 13enforme Cms 2024-11-21 6.1 Medium
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter.
CVE-2020-23977 1 Kandnconcepts Club Cms Project 1 Kandnconcepts Club Cms 2024-11-21 6.1 Medium
KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter.
CVE-2020-23975 1 Webexcels 1 Ecommerce Cms 2024-11-21 6.1 Medium
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.
CVE-2020-23974 1 Create-project Manager Project 1 Create-project Manager 2024-11-21 5.4 Medium
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags).