Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-23069 1 Webtareas Project 1 Webtareas 2024-11-21 6.5 Medium
Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.
CVE-2020-23061 1 Dropouts 1 Super Backup 2024-11-21 7.5 High
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command.
CVE-2020-23060 1 Tonec 1 Internet Download Manager 2024-11-21 7.1 High
Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file.
CVE-2020-23058 1 File Explorer Project 1 File Explorer 2024-11-21 4.6 Medium
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data.
CVE-2020-23055 1 Lancom-systems 3 Lcos, Wlc-1000, Wlc-4006 2024-11-21 5.4 Medium
ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters.
CVE-2020-23054 1 User-agent Switcher And Manager Project 1 User-agent Switcher And Manager 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field.
CVE-2020-23052 1 Catalyst 1 Mahara 2024-11-21 5.4 Medium
Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
CVE-2020-23051 1 User Registration \& Login And User Management System With Admin Panel Project 1 User Registration \& Login And User Management System With Admin Panel 2024-11-21 6.1 Medium
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields.
CVE-2020-23050 1 Taotesting 1 Tao Assessment Platform 2024-11-21 8.0 High
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.
CVE-2020-23049 1 Fork-cms 1 Fork Cms 2024-11-21 5.4 Medium
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-23048 1 Seeddms 1 Seeddms 2024-11-21 6.1 Medium
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
CVE-2020-23047 1 Macs Cms Project 1 Macs Cms 2024-11-21 6.1 Medium
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.
CVE-2020-23046 1 Dedecms 1 Dedecms 2024-11-21 6.1 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVE-2020-23045 1 Macs Cms Project 1 Macs Cms 2024-11-21 7.2 High
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules.
CVE-2020-23044 1 Dedecms 1 Dedecms 2024-11-21 5.4 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
CVE-2020-23043 1 Air Sender Project 1 Air Sender 2024-11-21 8.8 High
Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.
CVE-2020-23042 1 Dropouts 1 Super Backup 2024-11-21 6.1 Medium
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
CVE-2020-23041 1 Dropouts 1 Air Share 2024-11-21 6.1 Medium
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
CVE-2020-23040 1 Sky File Project 1 Sky File 2024-11-21 7.5 High
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.
CVE-2020-23039 1 Newsoftwares 1 Folder Lock 2024-11-21 5.4 Medium
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.