Search Results (83753 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-19879 1 Dbhcms Project 1 Dbhcms 2024-11-21 6.1 Medium
DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,
CVE-2020-19855 1 Phpwcms 1 Phpwcms 2024-11-21 6.1 Medium
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
CVE-2020-19766 1 Tokenerc20 Project 1 Tokenerc20 2024-11-21 7.5 High
The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.
CVE-2020-19762 1 Carrier 1 Webctrl System 2024-11-21 6.1 Medium
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.
CVE-2020-19721 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).
CVE-2020-19709 1 Feehi 1 Feehicms 2024-11-21 6.1 Medium
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload.
CVE-2020-19704 1 Spring-boot-admin Project 1 Spring-boot-admin 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19703 1 Dzzoffice 1 Dzzoffice 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-19683 1 Zzzcms 1 Zzzcms 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.
CVE-2020-19667 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-11-21 7.8 High
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
CVE-2020-19664 1 Draytek 2 Vigor2960, Vigor2960 Firmware 2024-11-21 8.8 High
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
CVE-2020-19643 1 Insma 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page.
CVE-2020-19626 1 Craftcms 1 Craft Cms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
CVE-2020-19619 1 Mblog Project 1 Mblog 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVE-2020-19618 1 Mblog Project 1 Mblog 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVE-2020-19617 1 Mblog Project 1 Mblog 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
CVE-2020-19616 1 Mblog Project 1 Mblog 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
CVE-2020-19611 1 Racktables Project 1 Racktables 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
CVE-2020-19609 2 Artifex, Debian 2 Mupdf, Debian Linux 2024-11-21 5.5 Medium
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
CVE-2020-19587 1 Idera 1 Yellowfin Business Intelligence 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.