Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15159 | 1 Basercms | 1 Basercms | 2020-09-03 | 4.6 MEDIUM | 7.6 HIGH |
| baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. | |||||
| CVE-2020-25090 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. | |||||
| CVE-2020-25086 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. | |||||
| CVE-2020-25089 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. | |||||
| CVE-2020-25087 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. | |||||
| CVE-2020-25091 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. | |||||
| CVE-2020-25093 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php. within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel. | |||||
| CVE-2020-25088 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. | |||||
| CVE-2020-25092 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. | |||||
| CVE-2020-23831 | 1 Stock Management System Project | 1 Stock Management System | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. | |||||
| CVE-2020-23974 | 1 Create-project Manager Project | 1 Create-project Manager | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags). | |||||
| CVE-2020-16193 | 1 Osticket | 1 Osticket | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. | |||||
| CVE-2020-7309 | 1 Mcafee | 1 Application And Change Control | 2020-09-02 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. | |||||
| CVE-2020-23977 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter. | |||||
| CVE-2020-3491 | 1 Cisco | 1 Vision Dynamic Signage Director | 2020-09-02 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device. | |||||
| CVE-2020-23984 | 1 Online Hotel Booking System Pro Project | 1 Online Hotel Booking System Pro | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. | |||||
| CVE-2020-23576 | 1 Laborator | 1 Neon | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. | |||||
| CVE-2020-24390 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | |||||
| CVE-2020-23982 | 1 Designmasterevents | 1 Conference Management Cms | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php' | |||||
| CVE-2020-23983 | 1 Ichat Project | 1 Ichat | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. | |||||