Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4661 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors. | |||||
CVE-2015-8376 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to blueprints/sections/edit/1. | |||||
CVE-2017-6067 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | |||||
CVE-2017-8876 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. | |||||
CVE-2017-5542 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter. | |||||
CVE-2010-3457 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. | |||||
CVE-2020-15071 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading. | |||||
CVE-2020-19887 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 3.5 LOW | 4.8 MEDIUM |
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users. | |||||
CVE-2020-19885 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 3.5 LOW | 4.8 MEDIUM |
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users. | |||||
CVE-2020-19884 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 3.5 LOW | 4.8 MEDIUM |
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. | |||||
CVE-2020-19883 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 3.5 LOW | 4.8 MEDIUM |
DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login. A remote authenticated admin user can exploit this vulnerability to hijack other users. | |||||
CVE-2020-19881 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 3.5 LOW | 4.8 MEDIUM |
DBHcms v1.2.0 has a reflected XSS vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for the $_GET['return_name'] parameter. A remote authenticated admin user can exploit this vulnerability to hijack other users. | |||||
CVE-2020-19880 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php. A remote unauthenticated attacker can exploit this vulnerability to hijack other users. | |||||
CVE-2020-19882 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 3.5 LOW | 4.8 MEDIUM |
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111. A remote authenticated admin user can exploit this vulnerability to hijack other users. | |||||
CVE-2020-19879 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107, | |||||
CVE-2020-15119 | 1 Auth0 | 1 Lock | 2020-08-25 | 3.5 LOW | 5.4 MEDIUM |
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks. | |||||
CVE-2018-18379 | 1 Elementor | 1 Elementor Page Builder | 2020-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. | |||||
CVE-2020-8426 | 1 Elementor | 1 Elementor Page Builder | 2020-08-25 | 3.5 LOW | 5.4 MEDIUM |
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user. | |||||
CVE-2019-20152 | 1 Treasuryxpress | 1 Treasuryxpress | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application. | |||||
CVE-2019-20151 | 1 Treasuryxpress | 1 Treasuryxpress | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s). |