Search Results (363345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-23512 1 Vr Cam 2 P1, P1 Firmware 2024-11-21 9.8 Critical
VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication.
CVE-2020-23490 1 Wwbn 1 Avideo 2024-11-21 7.5 High
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server, which could leak database credentials or other sensitive information such as the /etc/passwd file.
CVE-2020-23489 1 Wwbn 1 Avideo 2024-11-21 8.8 High
The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.
CVE-2020-23481 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
CVE-2020-23478 1 Leoeditor 1 Leo 2024-11-21 7.5 High
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.
CVE-2020-23469 1 Gmate Project 1 Gmate 2024-11-21 7.5 High
gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin.
CVE-2020-23466 1 Phpgurukul 1 Online Marriage Registration System 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerability in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.
CVE-2020-23451 1 Spiceworks 1 Spiceworks 2024-11-21 8.8 High
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
CVE-2020-23450 1 Spiceworks 1 Spiceworks 2024-11-21 5.4 Medium
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed in the Custom Groups function is vulnerable to stored XSS, as names are displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
CVE-2020-23449 1 Newbee-mall Project 1 Newbee-mall 2024-11-21 7.5 High
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.
CVE-2020-23448 1 Newbee-mall Project 1 Newbee-mall 2024-11-21 9.8 Critical
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.
CVE-2020-23447 1 Newbee-mall Project 1 Newbee-mall 2024-11-21 6.1 Medium
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write an XSS payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".
CVE-2020-23446 1 Verint 1 Workforce Optimization 2024-11-21 5.3 Medium
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API.
CVE-2020-23426 1 Zzcms 1 Zzcms 2024-11-21 9.8 Critical
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.
CVE-2020-23376 1 5none 1 Nonecms 2024-11-21 6.1 Medium
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
CVE-2020-23374 1 5none 1 Nonecms 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23373 1 5none 1 Nonecms 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23371 1 5none 1 Nonecms 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
CVE-2020-23370 1 Yzmcms 1 Yzmcms 2024-11-21 5.4 Medium
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
CVE-2020-23369 1 Yzmcms 1 Yzmcms 2024-11-21 6.1 Medium
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.