Search Results (83756 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-21101 1 Screenly 1 Screenly 2024-11-21 5.4 Medium
Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.
CVE-2020-21088 1 X2engine 1 X2crm 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"
CVE-2020-21087 1 X2engine 1 X2crm 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.
CVE-2020-21082 1 Maccms 1 Maccms 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.
CVE-2020-21066 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.
CVE-2020-21054 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
CVE-2020-21053 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.1 Medium
Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
CVE-2020-21047 1 Elfutils Project 1 Elfutils 2024-11-21 5.5 Medium
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
CVE-2020-21003 1 Pbootcms 1 Pbootcms 2024-11-21 4.8 Medium
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.
CVE-2020-20990 1 Domainmod 1 Domainmod 2024-11-21 5.4 Medium
A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.
CVE-2020-20988 1 Domainmod 1 Domainmod 2024-11-21 5.4 Medium
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.
CVE-2020-20982 1 Wdja 1 Wdja Cms 2024-11-21 9.6 Critical
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.
CVE-2020-20977 1 Ukcms 1 Ukcms 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
CVE-2020-20951 1 Pluck-cms 1 Pluck 2024-11-21 9.8 Critical
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.
CVE-2020-20946 1 Qibosoft 1 Qibosoft 2024-11-21 5.4 Medium
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.
CVE-2020-20908 1 Akaunting 1 Akaunting 2024-11-21 5.4 Medium
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.
CVE-2020-20808 1 Qibosoft 1 Qibosoft 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.
CVE-2020-20799 1 Jeecms 1 Jeecms 2024-11-21 5.4 Medium
JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.
CVE-2020-20781 1 Ucms Project 1 Ucms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
CVE-2020-20746 1 Tendacn 2 Ac9, Ac9 Firmware 2024-11-21 7.2 High
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.