Search Results (363169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19285 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. | ||||
| CVE-2020-19284 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. | ||||
| CVE-2020-19283 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-19282 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. | ||||
| CVE-2020-19281 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. | ||||
| CVE-2020-19280 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 8.8 High |
| Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. | ||||
| CVE-2020-19275 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | 5.3 Medium |
| An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path. | ||||
| CVE-2020-19274 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19268 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 5.7 Medium |
| A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users. | ||||
| CVE-2020-19267 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 9.8 Critical |
| An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2020-19266 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-19265 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-19264 | 1 Mipcms | 1 Mipcms | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd. | ||||
| CVE-2020-19263 | 1 Mipcms | 1 Mipcms | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit. | ||||
| CVE-2020-19229 | 1 Jeesite | 1 Jeesite | 2024-11-21 | 9.8 Critical |
| Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could execute arbitrary commands via the rememberMe parameter. | ||||
| CVE-2020-19228 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.2 High |
| An issue was found in Bludit v3.13.0: an unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | ||||
| CVE-2020-19217 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. | ||||
| CVE-2020-19216 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. | ||||
| CVE-2020-19215 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. | ||||
| CVE-2020-19213 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. | ||||