Total
43777 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23208 | 1 Phplist | 1 Phplist | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module. | ||||
| CVE-2020-23207 | 1 Phplist | 1 Phplist | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module. | ||||
| CVE-2020-23205 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module. | ||||
| CVE-2020-23194 | 1 Phplist | 1 Phplist | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-23192 | 1 Phplist | 1 Phplist | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. | ||||
| CVE-2020-23190 | 1 Phplist | 1 Phplist | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-23185 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-23184 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field. | ||||
| CVE-2020-23181 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field. | ||||
| CVE-2020-23179 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field. | ||||
| CVE-2020-23126 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.1 Medium |
| Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends. | ||||
| CVE-2020-23055 | 1 Lancom-systems | 3 Lcos, Wlc-1000, Wlc-4006 | 2024-11-21 | 5.4 Medium |
| ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters. | ||||
| CVE-2020-23054 | 1 User-agent Switcher And Manager Project | 1 User-agent Switcher And Manager | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field. | ||||
| CVE-2020-23052 | 1 Catalyst | 1 Mahara | 2024-11-21 | 5.4 Medium |
| Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (DescripciĆ³n) parameters. | ||||
| CVE-2020-23051 | 1 User Registration \& Login And User Management System With Admin Panel Project | 1 User Registration \& Login And User Management System With Admin Panel | 2024-11-21 | 6.1 Medium |
| Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields. | ||||
| CVE-2020-23049 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 5.4 Medium |
| Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-23048 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.1 Medium |
| SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. | ||||
| CVE-2020-23047 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | 6.1 Medium |
| Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. | ||||
| CVE-2020-23046 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. | ||||
| CVE-2020-23044 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | ||||