CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1701 CVE-2020-23192 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.
1702 CVE-2020-23190 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
1703 CVE-2020-23185 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
1704 CVE-2020-23184 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
1705 CVE-2020-23181 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
1706 CVE-2020-23179 79 XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.
1707 CVE-2020-23055 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters.
1708 CVE-2020-23052 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
1709 CVE-2020-23049 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register` functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.
1710 CVE-2020-23044 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
1711 CVE-2020-23039 79 XSS 2021-10-22 2021-10-27
3.5
None Remote Medium ??? None Partial None
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.
1712 CVE-2020-23014 79 XSS 2021-01-26 2021-01-29
3.5
None Remote Medium ??? None Partial None
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal a remote admin/user session and/or add new users to the administration panel.
1713 CVE-2020-22842 79 XSS 2020-09-30 2020-10-02
3.5
None Remote Medium ??? None Partial None
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
1714 CVE-2020-22841 79 Exec Code XSS 2021-02-09 2021-02-17
3.5
None Remote Medium ??? None Partial None
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
1715 CVE-2020-22790 79 Exec Code XSS 2021-04-28 2021-06-17
3.5
None Remote Medium ??? None Partial None
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute code by injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator accesses the logs.
1716 CVE-2020-22732 79 XSS 2021-08-05 2021-08-11
3.5
None Remote Medium ??? None Partial None
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > File Picker.
1717 CVE-2020-22719 79 XSS 2021-11-22 2021-11-23
3.5
None Remote Medium ??? None Partial None
Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field.
1718 CVE-2020-22428 79 XSS 2021-05-05 2021-05-17
3.5
None Remote Medium ??? None Partial None
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
1719 CVE-2020-22392 79 XSS 2021-08-05 2021-08-11
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
1720 CVE-2020-22251 79 XSS 2021-07-06 2021-07-07
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.
1721 CVE-2020-22167 79 XSS 2021-06-22 2021-06-24
3.5
None Remote Medium ??? None Partial None
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.
1722 CVE-2020-21930 79 XSS 2021-08-10 2021-08-13
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
1723 CVE-2020-21929 79 XSS 2021-08-10 2021-08-13
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
1724 CVE-2020-21729 79 XSS 2021-10-07 2021-10-14
3.5
None Remote Medium ??? None Partial None
JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
1725 CVE-2020-21656 79 XSS 2021-10-06 2021-10-14
3.5
None Remote Medium ??? None Partial None
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index.
1726 CVE-2020-21482 79 XSS 2021-09-15 2021-09-27
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board module.
1727 CVE-2020-21434 79 XSS 2021-10-04 2021-10-07
3.5
None Remote Medium ??? None Partial None
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.
1728 CVE-2020-21362 79 XSS 2021-08-11 2021-08-13
3.5
None Remote Medium ??? None Partial None
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
1729 CVE-2020-21353 79 XSS 2021-08-06 2021-08-09
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module.
1730 CVE-2020-21333 79 XSS 2021-07-09 2021-07-13
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case.
1731 CVE-2020-21147 79 Exec Code XSS 2021-01-26 2021-01-29
3.5
None Remote Medium ??? None Partial None
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.
1732 CVE-2020-21101 79 Exec Code XSS 2021-04-29 2021-05-10
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting vulnerability in Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.
1733 CVE-2020-21088 79 XSS +Info 2021-04-14 2021-04-21
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in the "/index.php/contacts/create" page.
1734 CVE-2020-21003 79 XSS 2021-06-03 2021-06-10
3.5
None Remote Medium ??? None Partial None
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.
1735 CVE-2020-20990 79 XSS 2021-08-12 2021-08-16
3.5
None Remote Medium ??? None Partial None
A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.
1736 CVE-2020-20988 79 XSS 2021-08-12 2021-08-16
3.5
None Remote Medium ??? None Partial None
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.
1737 CVE-2020-20977 79 XSS 2021-08-12 2021-08-13
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
1738 CVE-2020-20908 79 XSS 2021-10-25 2021-10-28
3.5
None Remote Medium ??? None Partial None
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.
1739 CVE-2020-20799 79 XSS 2021-09-30 2021-10-04
3.5
None Remote Medium ??? None Partial None
JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.
1740 CVE-2020-20781 79 XSS 2021-09-29 2021-10-03
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
1741 CVE-2020-20701 79 XSS 2021-07-30 2021-08-03
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in /app/config/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
1742 CVE-2020-20700 79 XSS 2021-07-30 2021-08-03
3.5
None Remote Medium ??? None Partial None
A stored cross site scripting (XSS) vulnerability in /app/form_add/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
1743 CVE-2020-20699 79 XSS 2021-07-30 2021-08-03
3.5
None Remote Medium ??? None Partial None
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
1744 CVE-2020-20696 79 XSS 2021-09-27 2021-10-01
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
1745 CVE-2020-20695 79 XSS 2021-09-27 2021-10-01
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
1746 CVE-2020-20645 79 XSS 2021-08-19 2021-08-23
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.
1747 CVE-2020-20633 79 XSS 2020-08-21 2020-08-28
3.5
None Remote Medium ??? None Partial None
ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation.
1748 CVE-2020-20626 79 XSS 2020-08-31 2020-09-08
3.5
None Remote Medium ??? None Partial None
lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.
1749 CVE-2020-20586 352 CSRF 2021-07-08 2021-07-12
3.5
None Remote Medium ??? None Partial None
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
1750 CVE-2020-20545 79 XSS 2021-03-30 2021-04-01
3.5
None Remote Medium ??? None Partial None
Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'.