Export limit exceeded: 347638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45671 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-17451 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 4.8 Medium |
| flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. | ||||
| CVE-2020-17450 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 6.1 Medium |
| PHP-Fusion 9.03 allows XSS on the preview page. | ||||
| CVE-2020-17449 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| PHP-Fusion 9.03 allows XSS via the error_log file. | ||||
| CVE-2020-17372 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 5.4 Medium |
| SugarCRM before 10.1.0 (Q3 2020) allows XSS. | ||||
| CVE-2020-17364 | 1 Usvn | 1 User-friendly Svn | 2024-11-21 | 6.1 Medium |
| USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. | ||||
| CVE-2020-17362 | 1 Themeinprogress | 1 Nova Lite | 2024-11-21 | 6.1 Medium |
| search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS. | ||||
| CVE-2020-17083 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.5 Medium |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2020-17021 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2020-17018 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2020-17006 | 1 Microsoft | 1 Dynamics Crm 2015 | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2020-17005 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2020-16847 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. | ||||
| CVE-2020-16632 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. | ||||
| CVE-2020-16608 | 1 Notable | 1 Notable | 2024-11-21 | 9.6 Critical |
| Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). | ||||
| CVE-2020-16278 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. | ||||
| CVE-2020-16275 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. | ||||
| CVE-2020-16270 | 1 Olimpoks | 1 Olimpok | 2024-11-21 | 6.1 Medium |
| OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries. | ||||
| CVE-2020-16266 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 5.4 Medium |
| An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it). | ||||
| CVE-2020-16258 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.1 High |
| Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | ||||
| CVE-2020-16255 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 6.1 Medium |
| ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.' | ||||