Total: 41182 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25391 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 5.4 Medium |
| A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module. | ||||
| CVE-2020-25385 | 1 Nagios | 1 Log Server | 2024-11-21 | 6.1 Medium |
| Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page. | ||||
| CVE-2020-25380 | 1 Recall-products Project | 1 Recall-products | 2024-11-21 | 5.4 Medium |
| Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. | ||||
| CVE-2020-25378 | 1 Accesspressthemes | 1 Wp Floating Menu | 2024-11-21 | 6.1 Medium |
| Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. | ||||
| CVE-2020-25375 | 1 Softrade | 1 Wp Smart Crm & Invoices | 2024-11-21 | 5.4 Medium |
| Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. | ||||
| CVE-2020-25352 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /devices.php function in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary JavaScript execution through entering a crafted payload into the 'Model' field then saving. | ||||
| CVE-2020-25343 | 1 Getsymphony | 1 Symphony | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php | ||||
| CVE-2020-25288 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript. | ||||
| CVE-2020-25272 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 6.1 Medium |
| In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. | ||||
| CVE-2020-25271 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.4 Medium |
| PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. | ||||
| CVE-2020-25270 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 5.4 Medium |
| PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | ||||
| CVE-2020-25267 | 1 Ilias | 1 Ilias | 2024-11-21 | 5.4 Medium |
| An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | ||||
| CVE-2020-25205 | 1 Mimosa | 6 B5, B5 Firmware, B5c and 3 more | 2024-11-21 | 6.1 Medium |
| The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions. | ||||
| CVE-2020-25148 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /iftype/type= because of pages/iftype.inc.php. | ||||
| CVE-2020-25146 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule. | ||||
| CVE-2020-25141 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI. | ||||
| CVE-2020-25140 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php. | ||||
| CVE-2020-25139 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php. | ||||
| CVE-2020-25138 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php. | ||||
| CVE-2020-25137 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI. | ||||