CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1651 CVE-2020-24447 427 Exec Code 2020-12-11 2020-12-11
3.7
None Local High Not required Partial Partial Partial
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
1652 CVE-2020-24445 79 XSS 2020-12-10 2021-01-13
3.5
None Remote Medium ??? None Partial None
AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
1653 CVE-2020-24440 427 Exec Code 2020-12-11 2020-12-11
3.7
None Local High Not required Partial Partial Partial
Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
1654 CVE-2020-24394 732 2020-08-19 2021-06-14
3.6
None Local Low Not required Partial Partial None
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
1655 CVE-2020-23989 79 XSS 2020-11-02 2020-11-03
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C allows pwsec.php oid XSS.
1656 CVE-2020-23984 79 XSS 2020-08-27 2020-09-02
3.5
None Remote Medium ??? None Partial None
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.
1657 CVE-2020-23983 79 XSS 2020-08-27 2020-09-02
3.5
None Remote Medium ??? None Partial None
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat, text-field tags.
1658 CVE-2020-23974 79 XSS 2020-08-27 2020-09-02
3.5
None Remote Medium ??? None Partial None
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection via Online chat, Social feed, Message (title-tag), Add new client (all-tags).
1659 CVE-2020-23868 79 XSS 2020-11-02 2020-11-03
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C allows inc/rt-popup.php d XSS.
1660 CVE-2020-23762 79 XSS 2021-04-09 2021-04-13
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.
1661 CVE-2020-23721 79 XSS Bypass 2021-03-10 2021-03-12
3.5
None Remote Medium ??? None Partial None
An issue was discovered in FUEL CMS V1.4.7. An attacker can use an XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
1662 CVE-2020-23710 79 XSS 2021-06-28 2021-06-29
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
1663 CVE-2020-23702 79 XSS 2021-07-07 2021-07-12
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
1664 CVE-2020-23700 79 XSS 2021-07-07 2021-07-12
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
1665 CVE-2020-23697 79 XSS 2021-07-06 2021-07-08
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the page feature in admin/index.php.
1666 CVE-2020-23689 79 XSS 2021-05-14 2021-05-21
3.5
None Remote Medium ??? None Partial None
In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page.
1667 CVE-2020-23660 79 XSS 2020-08-26 2020-08-28
3.5
None Remote Medium ??? None Partial None
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."
1668 CVE-2020-23659 79 XSS 2020-08-26 2021-09-28
3.5
None Remote Medium ??? None Partial None
WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature.
1669 CVE-2020-23658 79 XSS 2020-08-26 2020-09-01
3.5
None Remote Medium ??? None Partial None
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php.
1670 CVE-2020-23657 79 XSS 2020-08-26 2020-08-26
3.5
None Remote Medium ??? None Partial None
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
1671 CVE-2020-23656 79 XSS 2020-08-26 2020-08-26
3.5
None Remote Medium ??? None Partial None
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."
1672 CVE-2020-23655 79 XSS 2020-08-26 2020-08-26
3.5
None Remote Medium ??? None Partial None
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
1673 CVE-2020-23654 79 XSS 2020-08-26 2020-08-26
3.5
None Remote Medium ??? None Partial None
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
1674 CVE-2020-23576 79 XSS 2020-08-27 2020-09-02
3.5
None Remote Medium ??? None Partial None
Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab.
1675 CVE-2020-23518 79 XSS 2021-03-02 2021-03-08
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.
1676 CVE-2020-23481 79 XSS 2021-09-22 2021-09-28
3.5
None Remote Medium ??? None Partial None
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
1677 CVE-2020-23450 79 XSS 2020-09-01 2020-09-08
3.5
None Remote Medium ??? None Partial None
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they are displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
1678 CVE-2020-23374 79 XSS 2021-05-10 2021-05-12
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
1679 CVE-2020-23373 79 XSS 2021-05-10 2021-05-12
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
1680 CVE-2020-23370 79 XSS 2021-05-10 2021-05-13
3.5
None Remote Medium ??? None Partial None
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
1681 CVE-2020-23243 79 XSS 2021-07-26 2021-07-30
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
1682 CVE-2020-23242 79 XSS 2021-07-26 2021-07-30
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
1683 CVE-2020-23241 79 XSS 2021-07-26 2021-07-30
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via the "News > Article" feature.
1684 CVE-2020-23240 79 XSS 2021-07-26 2021-07-30
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
1685 CVE-2020-23239 79 XSS 2021-07-26 2021-07-30
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
1686 CVE-2020-23238 79 XSS 2021-07-26 2021-07-30
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
1687 CVE-2020-23234 79 XSS Bypass 2021-07-26 2021-07-30
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle".
1688 CVE-2020-23217 79 XSS 2021-07-01 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module.
1689 CVE-2020-23214 79 XSS 2021-07-01 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module.
1690 CVE-2020-23209 79 XSS 2021-07-01 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module.
1691 CVE-2020-23208 79 XSS 2021-07-01 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
1692 CVE-2020-23207 79 XSS 2021-07-01 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module.
1693 CVE-2020-23205 79 XSS 2021-07-01 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site Name" field under the "Site Settings" module.
1694 CVE-2020-23194 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
1695 CVE-2020-23192 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.
1696 CVE-2020-23190 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
1697 CVE-2020-23185 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
1698 CVE-2020-23184 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
1699 CVE-2020-23181 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
1700 CVE-2020-23179 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.