Total: 41195 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36011 | 1 Qdocs | 1 Smart Hospital | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field. | ||||
| CVE-2020-36007 | 1 Appcms | 1 Appcms | 2024-11-21 | 6.1 Medium |
| AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users. | ||||
| CVE-2020-35987 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | ||||
| CVE-2020-35986 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | ||||
| CVE-2020-35985 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Global Lists' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | ||||
| CVE-2020-35984 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | ||||
| CVE-2020-35973 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in zzcms2020. There is an XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php. | ||||
| CVE-2020-35971 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 5.4 Medium |
| A storage XSS vulnerability was found in YzmCMS v5.8, which attackers can use to inject JS code and carry out XSS attacks on the /admin/system_manage/user_config_edit.html page. | ||||
| CVE-2020-35947 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 7.4 High |
| An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur. | ||||
| CVE-2020-35946 | 1 Semperplugins | 1 All In One Seo Pack | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS. | ||||
| CVE-2020-35944 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 8.8 High |
| An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. | ||||
| CVE-2020-35942 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) | ||||
| CVE-2020-35937 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2024-11-21 | 7.5 High |
| Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. | ||||
| CVE-2020-35936 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2024-11-21 | 7.5 High |
| Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. | ||||
| CVE-2020-35933 | 1 Thenewsletterplugin | 1 Newsletter | 2024-11-21 | 6.5 Medium |
| A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter. | ||||
| CVE-2020-35930 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 5.4 Medium |
| Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | ||||
| CVE-2020-35856 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 4.8 Medium |
| SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. | ||||
| CVE-2020-35854 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 4.8 Medium |
| Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | ||||
| CVE-2020-35853 | 1 4homepages | 1 4images | 2024-11-21 | 4.8 Medium |
| 4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability allows an attacker to inject an XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload. | ||||
| CVE-2020-35852 | 1 Getgist | 1 Chatbox | 2024-11-21 | 6.1 Medium |
| Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS. | ||||