Search Results (45693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28350 | 1 Sokrates | 1 Sowasql | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter. | ||||
| CVE-2020-28334 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2024-11-21 | 9.8 Critical |
| Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell. | ||||
| CVE-2020-28329 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2024-11-21 | 9.8 Critical |
| Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. | ||||
| CVE-2020-28249 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 6.1 Medium |
| Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. | ||||
| CVE-2020-28210 | 1 Schneider-electric | 1 Ecostruxure Building Operation | 2024-11-21 | 6.1 Medium |
| A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser. | ||||
| CVE-2020-28184 | 1 Terra-master | 1 Tos | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php. | ||||
| CVE-2020-28149 | 1 Mydbr | 1 Mydbr | 2024-11-21 | 9.6 Critical |
| myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS. | ||||
| CVE-2020-28146 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | ||||
| CVE-2020-28141 | 1 Online Discussion Forum Project | 1 Online Discussion Forum | 2024-11-21 | 5.4 Medium |
| The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include JavaScript that will execute when viewing the messages page. | ||||
| CVE-2020-28139 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 6.1 Medium |
| SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php. | ||||
| CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | ||||
| CVE-2020-28119 | 1 53kf | 1 53kf | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via a crafted HTML statement inserted into the chat window. | ||||
| CVE-2020-28092 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.1 Medium |
| PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id= | ||||
| CVE-2020-28071 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 4.8 Medium |
| SourceCodester Alumni Management System 1.0 is affected by cross-site scripting (XSS) in /admin/gallery.php. After admin authentication, an attacker can upload an image in the gallery using an XSS payload in the description textarea called 'about' and reach a stored XSS. | ||||
| CVE-2020-28047 | 1 Web-audimex | 1 Audimexee | 2024-11-21 | 5.4 Medium |
| AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage. | ||||
| CVE-2020-28038 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.5.2 allows stored XSS via post slugs. | ||||
| CVE-2020-28034 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.5.2 allows XSS associated with global variables. | ||||
| CVE-2020-28001 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5.4 Medium |
| SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | ||||
| CVE-2020-27991 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | ||||
| CVE-2020-27990 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | ||||