Search Results (363167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23451 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 8.8 High |
| Spiceworks Version <= 7.5.00107 is affected by CSRF, which can lead to privilege escalation via the "/settings/v1/users" function. | ||||
| CVE-2020-23450 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 5.4 Medium |
| Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed in the Custom Groups function is vulnerable to stored XSS, as names are displayed on http://127.0.0.1/inventory/groups/ without output sanitization. | ||||
| CVE-2020-23449 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 High |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID. | ||||
| CVE-2020-23448 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 9.8 Critical |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed. | ||||
| CVE-2020-23447 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 6.1 Medium |
| newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write an XSS payload in their address information when buying goods; it is triggered when viewing the "View Recipient Information" of this order in "Order Management Office". | ||||
| CVE-2020-23446 | 1 Verint | 1 Workforce Optimization | 2024-11-21 | 5.3 Medium |
| Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API | ||||
| CVE-2020-23426 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | ||||
| CVE-2020-23376 | 1 5none | 1 Nonecms | 2024-11-21 | 6.1 Medium |
| NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack. | ||||
| CVE-2020-23374 | 1 5none | 1 Nonecms | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2020-23373 | 1 5none | 1 Nonecms | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2020-23371 | 1 5none | 1 Nonecms | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter. | ||||
| CVE-2020-23370 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 5.4 Medium |
| In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML. | ||||
| CVE-2020-23369 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.1 Medium |
| In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3. | ||||
| CVE-2020-23361 | 1 Phplist | 1 Phplist | 2024-11-21 | 9.8 Critical |
| phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-23360 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 9.8 Critical |
| oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | ||||
| CVE-2020-23359 | 1 Webidsupport | 1 Webid | 2024-11-21 | 9.8 Critical |
| WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. | ||||
| CVE-2020-23356 | 1 Nibbleblog | 1 Nibbleblog | 2024-11-21 | 7.5 High |
| dmin/kernel/api/login.class.php in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-23355 | 1 Codiad | 1 Codiad | 2024-11-21 | 7.5 High |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable to magic hash authentication bypass. If the encrypted or hashed value of the password takes certain magic hash formats, e.g., 0e123, another hash value such as 0e234 can successfully authenticate. | ||||
| CVE-2020-23352 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 7.5 High |
| Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values. | ||||
| CVE-2020-23349 | 1 Weibo | 1 Android Software Development Kit | 2024-11-21 | 7.5 High |
| An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity): any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | ||||