Export limit exceeded: 349422 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45830 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15038 | 1 Seedprod | 1 Coming Soon Page\, Under Construction \& Maintenance Mode | 2024-11-21 | 5.4 Medium |
| The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. | ||||
| CVE-2020-15037 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter. | ||||
| CVE-2020-15036 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter. | ||||
| CVE-2020-15035 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter. | ||||
| CVE-2020-15034 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter. | ||||
| CVE-2020-15033 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter. | ||||
| CVE-2020-15032 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter. | ||||
| CVE-2020-15031 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter. | ||||
| CVE-2020-15030 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter. | ||||
| CVE-2020-15029 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter. | ||||
| CVE-2020-15028 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter. | ||||
| CVE-2020-15020 | 1 Elementor | 1 Website Builder | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. | ||||
| CVE-2020-15017 | 1 Nedi | 1 Nedi | 2024-11-21 | 6.1 Medium |
| NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. | ||||
| CVE-2020-15016 | 1 Nedi | 1 Nedi | 2024-11-21 | 6.1 Medium |
| NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter. | ||||
| CVE-2020-15015 | 1 Gleamtech | 1 Fileultimate | 2024-11-21 | 6.1 Medium |
| The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document. | ||||
| CVE-2020-15011 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Mailman and 1 more | 2024-11-21 | 4.3 Medium |
| GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | ||||
| CVE-2020-15006 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium |
| Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | ||||
| CVE-2020-15004 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.8 Medium |
| OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. | ||||
| CVE-2020-14988 | 1 Bloomreach | 1 Experience Manager | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript. | ||||
| CVE-2020-14973 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 6.1 Medium |
| The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. | ||||