Search Results (83603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-13869 1 Verbb 1 Comments 2024-11-21 5.4 Medium
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.
CVE-2020-13866 1 Qbik 1 Wingate 2024-11-21 7.8 High
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
CVE-2020-13865 1 Elementor 1 Elementor Page Builder 2024-11-21 5.4 Medium
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-13864 1 Elementor 1 Elementor Page Builder 2024-11-21 5.4 Medium
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13863 1 Mitel 1 Micollab 2024-11-21 8.1 High
The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.
CVE-2020-13859 1 Mofinetwork 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware 2024-11-21 9.8 Critical
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature.
CVE-2020-13858 1 Mofinetwork 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware 2024-11-21 9.8 Critical
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations.
CVE-2020-13853 1 Pandorafms 1 Pandora Fms 2024-11-21 5.4 Medium
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
CVE-2020-13851 1 Pandorafms 1 Pandora Fms 2024-11-21 8.8 High
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
CVE-2020-13828 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
CVE-2020-13827 1 Phplist 1 Phplist 2024-11-21 6.1 Medium
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.
CVE-2020-13825 1 I-doit 1 I-doit 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter.
CVE-2020-13821 1 Hivemq 1 Broker Control Center 2024-11-21 5.4 Medium
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.
CVE-2020-13820 1 Extremenetworks 1 Extreme Management Center 2024-11-21 6.1 Medium
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
CVE-2020-13819 1 Extremenetworks 1 Extreme Management Center 2024-11-21 6.1 Medium
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
CVE-2020-13811 1 Foxitsoftware 1 Foxit Studio Photo 2024-11-21 7.8 High
An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file.
CVE-2020-13804 1 Foxitsoftware 2 Phantompdf, Reader 2024-11-21 9.8 Critical
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.
CVE-2020-13802 1 Erlang 1 Rebar3 2024-11-21 9.8 Critical
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
CVE-2020-13798 1 Naviwebs 1 Navigate Cms 2024-11-21 6.1 Medium
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
CVE-2020-13797 1 Naviwebs 1 Navigate Cms 2024-11-21 6.1 Medium
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.