Search Results (83755 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-1058 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-11-21 7.5 High
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093.
CVE-2020-1050 1 Microsoft 1 Dynamics 365 Server 2024-11-21 6.1 Medium
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1049.
CVE-2020-1049 1 Microsoft 1 Dynamics 365 Server 2024-11-21 5.4 Medium
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1050.
CVE-2020-1037 1 Microsoft 5 Chakracore, Edge, Windows 10 and 2 more 2024-11-21 7.5 High
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
CVE-2020-1035 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-11-21 7.5 High
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093.
CVE-2020-1028 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-11-21 7.8 High
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150.
CVE-2020-19962 1 Chaoji Cms Project 1 Chaoji Cms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.
CVE-2020-19952 1 Jbt 1 Live \(github-flavored\) Markdown Editor 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.
CVE-2020-19950 1 Yzmcms 1 Yzmcms 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19949 1 Yzmcms 1 Yzmcms 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19924 1 Issuehunt 1 Boostnote 2024-11-21 5.4 Medium
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.
CVE-2020-19915 1 Wuzhicms 1 Wuzhicms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.
CVE-2020-19914 1 Xiuno 1 Xiunobbs 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function.
CVE-2020-19907 1 Mitre 1 Caldera 2024-11-21 8.8 High
A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.
CVE-2020-19891 1 Dbhcms Project 1 Dbhcms 2024-11-21 7.2 High
DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell.
CVE-2020-19887 1 Dbhcms Project 1 Dbhcms 2024-11-21 4.8 Medium
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
CVE-2020-19885 1 Dbhcms Project 1 Dbhcms 2024-11-21 4.8 Medium
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
CVE-2020-19884 1 Dbhcms Project 1 Dbhcms 2024-11-21 4.8 Medium
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119.
CVE-2020-19883 1 Dbhcms Project 1 Dbhcms 2024-11-21 4.8 Medium
DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
CVE-2020-19882 1 Dbhcms Project 1 Dbhcms 2024-11-21 4.8 Medium
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users.