Export limit exceeded: 45688 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45688 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45688 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24215 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. | ||||
| CVE-2020-24198 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 6.1 Medium |
| A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | ||||
| CVE-2020-24194 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | ||||
| CVE-2020-24188 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | ||||
| CVE-2020-24145 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. | ||||
| CVE-2020-24138 | 1 Wcms | 1 Wcms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. | ||||
| CVE-2020-24135 | 1 Wcms | 1 Wcms | 2024-11-21 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. | ||||
| CVE-2020-24115 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 9.8 Critical |
| In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access. | ||||
| CVE-2020-24104 | 1 Pix-link | 2 Lv-wr07, Lv-wr07 Firmware | 2024-11-21 | 6.1 Medium |
| XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter. | ||||
| CVE-2020-24085 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code. | ||||
| CVE-2020-24075 | 1 Laborator | 1 Kalium | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-24056 | 1 Verint | 6 4320, 4320 Firmware, 5620ptz and 3 more | 2024-11-21 | 7.5 High |
| A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | ||||
| CVE-2020-24053 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2024-11-21 | 7.5 High |
| Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | ||||
| CVE-2020-24026 | 1 Tinyshop Project | 1 Tinyshop | 2024-11-21 | 6.1 Medium |
| TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure. | ||||
| CVE-2020-23992 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | ||||
| CVE-2020-23989 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C allows pwsec.php oid XSS. | ||||
| CVE-2020-23986 | 1 Github Readme Stats Project | 1 Github Readme Stats | 2024-11-21 | 6.1 Medium |
| Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError. | ||||
| CVE-2020-23984 | 1 Online Hotel Booking System Pro Project | 1 Online Hotel Booking System Pro | 2024-11-21 | 5.4 Medium |
| Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. | ||||
| CVE-2020-23983 | 1 Ichat Project | 1 Ichat | 2024-11-21 | 5.4 Medium |
| Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. | ||||
| CVE-2020-23982 | 1 Designmasterevents | 1 Conference Management Cms | 2024-11-21 | 6.1 Medium |
| DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php' | ||||