Total
41155 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18654 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php". | ||||
| CVE-2020-18475 | 1 Hucart | 1 Hucart | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed. | ||||
| CVE-2020-18470 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php. | ||||
| CVE-2020-18469 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application. | ||||
| CVE-2020-18468 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration. | ||||
| CVE-2020-18467 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create. | ||||
| CVE-2020-18456 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. | ||||
| CVE-2020-18455 | 1 Bycms Project | 1 Bycms | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php. | ||||
| CVE-2020-18451 | 1 Damicms | 1 Damicms | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. | ||||
| CVE-2020-18449 | 1 Ukcms | 1 Ukcms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php | ||||
| CVE-2020-18446 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php. | ||||
| CVE-2020-18445 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. | ||||
| CVE-2020-18336 | 1 Typora | 1 Typora | 2024-11-21 | 7.4 High |
| Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | ||||
| CVE-2020-18327 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 | ||||
| CVE-2020-18325 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.1 Medium |
| Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. | ||||
| CVE-2020-18324 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. | ||||
| CVE-2020-18259 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 6.1 Medium |
| ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields. | ||||
| CVE-2020-18230 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". | ||||
| CVE-2020-18229 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". | ||||
| CVE-2020-18221 | 1 Typora | 1 Typora | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. | ||||