Export limit exceeded: 47163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24303 | 2 Grafana, Redhat | 2 Grafana, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | ||||
| CVE-2020-24301 | 1 Hapifhir | 1 Testpage Overlay | 2024-11-21 | 6.1 Medium |
| Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes. | ||||
| CVE-2020-24223 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 6.1 Medium |
| Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | ||||
| CVE-2020-24218 | 1 Szuray | 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file. | ||||
| CVE-2020-24215 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. | ||||
| CVE-2020-24198 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 6.1 Medium |
| A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | ||||
| CVE-2020-24194 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | ||||
| CVE-2020-24188 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | ||||
| CVE-2020-24145 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. | ||||
| CVE-2020-24138 | 1 Wcms | 1 Wcms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. | ||||
| CVE-2020-24135 | 1 Wcms | 1 Wcms | 2024-11-21 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. | ||||
| CVE-2020-24115 | 1 Online Book Store Project | 1 Online Book Store | 2024-11-21 | 9.8 Critical |
| In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access. | ||||
| CVE-2020-24104 | 1 Pix-link | 2 Lv-wr07, Lv-wr07 Firmware | 2024-11-21 | 6.1 Medium |
| XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter. | ||||
| CVE-2020-24085 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code. | ||||
| CVE-2020-24075 | 1 Laborator | 1 Kalium | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-24056 | 1 Verint | 6 4320, 4320 Firmware, 5620ptz and 3 more | 2024-11-21 | 7.5 High |
| A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | ||||
| CVE-2020-24053 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2024-11-21 | 7.5 High |
| Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | ||||
| CVE-2020-24026 | 1 Tinyshop Project | 1 Tinyshop | 2024-11-21 | 6.1 Medium |
| TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure. | ||||
| CVE-2020-23992 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | ||||
| CVE-2020-23989 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C allows pwsec.php oid XSS. | ||||