Search Results (363299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19266 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-19265 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-19264 | 1 Mipcms | 1 Mipcms | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd. | ||||
| CVE-2020-19263 | 1 Mipcms | 1 Mipcms | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit. | ||||
| CVE-2020-19229 | 1 Jeesite | 1 Jeesite | 2024-11-21 | 9.8 Critical |
| Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could execute arbitrary commands via the rememberMe parameter. | ||||
| CVE-2020-19228 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.2 High |
| An issue was found in Bludit v3.13.0: an unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | ||||
| CVE-2020-19217 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. | ||||
| CVE-2020-19216 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. | ||||
| CVE-2020-19215 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. | ||||
| CVE-2020-19213 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. | ||||
| CVE-2020-19212 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.9 Medium |
| SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. | ||||
| CVE-2020-19204 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 5.4 Medium |
| An authenticated Stored Cross-Site Scripting (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user to execute Stored Cross-site Scripting in the Routing Table Entries. | ||||
| CVE-2020-19203 | 1 Netgate | 1 Pfsense | 2024-11-21 | 5.4 Medium |
| An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS. | ||||
| CVE-2020-19202 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 5.4 Medium |
| An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page. | ||||
| CVE-2020-19201 | 1 Netgate | 1 Pfsense | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules. | ||||
| CVE-2020-19199 | 1 Phpok | 1 Phpok | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19190 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-11-21 | 6.5 Medium |
| Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via a crafted command. | ||||
| CVE-2020-19189 | 3 Debian, Gnu, Netapp | 3 Debian Linux, Ncurses, Active Iq Unified Manager | 2024-11-21 | 6.5 Medium |
| Buffer Overflow vulnerability in the postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via a crafted command. | ||||
| CVE-2020-19188 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-11-21 | 6.5 Medium |
| Buffer Overflow vulnerability in the fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via a crafted command. | ||||
| CVE-2020-19187 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-11-21 | 6.5 Medium |
| Buffer Overflow vulnerability in the fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via a crafted command. | ||||