Search Results (363281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23050 | 1 Taotesting | 1 Tao Assessment Platform | 2024-11-21 | 8.0 High |
| TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain an HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. | ||||
| CVE-2020-23049 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 5.4 Medium |
| Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register` functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-23048 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.1 Medium |
| SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. | ||||
| CVE-2020-23047 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 6.1 Medium |
| Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. | ||||
| CVE-2020-23046 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters. | ||||
| CVE-2020-23045 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 7.2 High |
| Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules. | ||||
| CVE-2020-23044 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | ||||
| CVE-2020-23043 | 1 Air Sender Project | 1 Air Sender | 2024-11-21 | 8.8 High |
| Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2020-23042 | 1 Dropouts | 1 Super Backup | 2024-11-21 | 6.1 Medium |
| Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. | ||||
| CVE-2020-23041 | 1 Dropouts | 1 Air Share | 2024-11-21 | 6.1 Medium |
| Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. | ||||
| CVE-2020-23040 | 1 Sky File Project | 1 Sky File | 2024-11-21 | 7.5 High |
| Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. | ||||
| CVE-2020-23039 | 1 Newsoftwares | 1 Folder Lock | 2024-11-21 | 5.4 Medium |
| Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name. | ||||
| CVE-2020-23038 | 1 Kumilabs | 1 Swift File Transfer | 2024-11-21 | 7.5 High |
| Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. | ||||
| CVE-2020-23037 | 1 Portable | 1 Playable | 2024-11-21 | 9.8 Critical |
| Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2020-23036 | 1 Medianavi | 1 Smacom | 2024-11-21 | 5.9 Medium |
| MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack. | ||||
| CVE-2020-23026 | 1 Dhrystone Project | 1 Dhrystone | 2024-11-21 | 7.5 High |
| A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). | ||||
| CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in the login page was not filtered and can redirect the user to any website. | ||||
| CVE-2020-23014 | 1 Apfell Project | 1 Apfell | 2024-11-21 | 5.4 Medium |
| APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal a remote admin/user session and/or add new users to the administration panel. | ||||
| CVE-2020-22987 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. | ||||
| CVE-2020-22986 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. | ||||