Total
43770 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1104 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 5.4 Medium |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107. | ||||
| CVE-2020-1063 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 5.4 Medium |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | ||||
| CVE-2020-1050 | 1 Microsoft | 1 Dynamics 365 Server | 2024-11-21 | 6.1 Medium |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1049. | ||||
| CVE-2020-1049 | 1 Microsoft | 1 Dynamics 365 Server | 2024-11-21 | 5.4 Medium |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1050. | ||||
| CVE-2020-19962 | 1 Chaoji Cms Project | 1 Chaoji Cms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts. | ||||
| CVE-2020-19952 | 1 Jbt | 1 Live \(github-flavored\) Markdown Editor | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file. | ||||
| CVE-2020-19950 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-19949 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-19924 | 1 Issuehunt | 1 Boostnote | 2024-11-21 | 5.4 Medium |
| In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks. | ||||
| CVE-2020-19915 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | ||||
| CVE-2020-19914 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function. | ||||
| CVE-2020-19887 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19885 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19884 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. | ||||
| CVE-2020-19883 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19882 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19881 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19880 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 6.1 Medium |
| DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19879 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 6.1 Medium |
| DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107, | ||||
| CVE-2020-19855 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 6.1 Medium |
| phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. | ||||