Search Results (83785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-23849 1 Jsoneditoronline 1 Jsoneditor 2024-11-21 6.1 Medium
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.
CVE-2020-23839 1 Get-simple 1 Getsimple Cms 2024-11-21 6.1 Medium
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
CVE-2020-23835 1 Tailor Management System Project 1 Tailor Management System 2024-11-21 6.4 Medium
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.
CVE-2020-23834 1 Realtimelogic 1 Barracudadrive 2024-11-21 8.8 High
Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem.
CVE-2020-23832 1 Car Rental Management System Project 1 Car Rental Management System 2024-11-21 6.1 Medium
A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.
CVE-2020-23831 1 Stock Management System Project 1 Stock Management System 2024-11-21 6.4 Medium
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials.
CVE-2020-23826 1 Assaabloy 2 Yale Wipc-303w, Yale Wipc-303w Firmware 2024-11-21 8.8 High
The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176
CVE-2020-23814 1 Xuxueli 1 Xxl-job 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.
CVE-2020-23774 1 Winmail Project 1 Winmail 2024-11-21 6.1 Medium
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.
CVE-2020-23762 1 Larsens Calendar Project 1 Larsens Calendar 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.
CVE-2020-23761 1 Intelliants 1 Subrion 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
CVE-2020-23754 1 Php-fusion 1 Phpfusion 2024-11-21 9.6 Critical
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.
CVE-2020-23721 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 5.4 Medium
An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
CVE-2020-23719 1 Zibbs Project 1 Zibbs 2024-11-21 9.6 Critical
Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.
CVE-2020-23718 1 Zibbs Project 1 Zibbs 2024-11-21 9.6 Critical
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.
CVE-2020-23710 1 Limesurvey 1 Limesurvey 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
CVE-2020-23707 1 Ok-file-formats Project 1 Ok-file-formats 2024-11-21 6.5 Medium
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.
CVE-2020-23706 1 Ok-file-formats Project 1 Ok-file-formats 2024-11-21 6.5 Medium
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.
CVE-2020-23702 1 Php-fusion 1 Php-fusion 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
CVE-2020-23700 1 Lavalite 1 Lavalite 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.