Search Results (83531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-12132 1 Fifthplay 1 S.a.m.i 2024-11-21 6.1 Medium
Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request.
CVE-2020-12131 1 App2pro 1 Airdisk Pro 2024-11-21 6.1 Medium
The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo).
CVE-2020-12130 1 App2pro 1 Airdisk Pro 2024-11-21 6.1 Medium
The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function.
CVE-2020-12129 1 App2pro 1 Airdisk Pro 2024-11-21 6.1 Medium
The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function.
CVE-2020-12124 1 Wavlink 2 Wn530h4, Wn530h4 Firmware 2024-11-21 9.8 Critical
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
CVE-2020-12120 1 Prestashop 1 Correos Express 2024-11-21 7.5 High
The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.
CVE-2020-12113 1 Bigbluebutton 1 Bigbluebutton 2024-11-21 6.1 Medium
BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.
CVE-2020-12111 1 Tp-link 4 Nc260, Nc260 Firmware, Nc450 and 1 more 2024-11-21 8.8 High
Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.
CVE-2020-12110 1 Tp-link 14 Nc200, Nc200 Firmware, Nc210 and 11 more 2024-11-21 9.8 Critical
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
CVE-2020-12109 1 Tp-link 14 Nc200, Nc200 Firmware, Nc210 and 11 more 2024-11-21 8.8 High
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
CVE-2020-12108 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 6.5 Medium
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
CVE-2020-12107 1 Stengg 2 Vpncrypt M10, Vpncrypt M10 Firmware 2024-11-21 9.8 Critical
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module's Operating System.
CVE-2020-12105 2 Infradead, Opensuse 2 Openconnect, Leap 2024-11-21 5.9 Medium
OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
CVE-2020-12082 1 Flexera 1 Flexnet Code Insight 2024-11-21 5.4 Medium
A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
CVE-2020-12078 1 Opmantek 1 Open-audit 2024-11-21 8.8 High
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
CVE-2020-12071 1 Anchorcms 1 Anchor 2024-11-21 4.8 Medium
Anchor 0.12.7 allows admins to cause XSS via crafted post content.
CVE-2020-12058 1 Oscommerce 1 Ce Phoenix 2024-11-21 6.1 Medium
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php.
CVE-2020-12054 1 Catchplugins 1 Catch Breadcrumb 2024-11-21 6.1 Medium
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
CVE-2020-12052 2 Grafana, Redhat 4 Grafana, Enterprise Linux, Openshift and 1 more 2024-11-21 6.1 Medium
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
CVE-2020-12047 1 Baxter 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module 2024-11-21 9.8 Critical
The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials.