Search Results (83779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-23518 1 Ultimatekode 1 Neo Billing 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.
CVE-2020-23517 1 Aryanic 1 High Cms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.
CVE-2020-23481 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
CVE-2020-23466 1 Phpgurukul 1 Online Marriage Registration System 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.
CVE-2020-23450 1 Spiceworks 1 Spiceworks 2024-11-21 5.4 Medium
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
CVE-2020-23448 1 Newbee-mall Project 1 Newbee-mall 2024-11-21 9.8 Critical
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.
CVE-2020-23447 1 Newbee-mall Project 1 Newbee-mall 2024-11-21 6.1 Medium
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".
CVE-2020-23374 1 5none 1 Nonecms 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23373 1 5none 1 Nonecms 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23371 1 5none 1 Nonecms 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
CVE-2020-23370 1 Yzmcms 1 Yzmcms 2024-11-21 5.4 Medium
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
CVE-2020-23369 1 Yzmcms 1 Yzmcms 2024-11-21 6.1 Medium
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
CVE-2020-23341 1 Atutor 1 Atutor 2024-11-21 6.1 Medium
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-23334 1 Axiosys 1 Bento4 2024-11-21 7.5 High
A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault.
CVE-2020-23333 1 Axiosys 1 Bento4 2024-11-21 7.5 High
A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS).
CVE-2020-23332 1 Axiosys 1 Bento4 2024-11-21 7.5 High
A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS).
CVE-2020-23323 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.
CVE-2020-23321 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.
CVE-2020-23306 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.
CVE-2020-23303 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.