CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1751 CVE-2020-20406 79 XSS 2020-09-16 2020-09-18
3.5
None Remote Medium ??? None Partial None
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes.
1752 CVE-2020-20391 79 XSS 2021-06-23 2021-06-25
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.
1753 CVE-2020-20389 79 XSS 2021-06-23 2021-06-25
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.
1754 CVE-2020-20363 79 XSS 2021-07-08 2021-07-12
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.
1755 CVE-2020-20349 79 XSS 2021-09-01 2021-09-07
3.5
None Remote Medium ??? None Partial None
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.
1756 CVE-2020-20348 79 XSS 2021-09-01 2021-09-07
3.5
None Remote Medium ??? None Partial None
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module.
1757 CVE-2020-20347 79 XSS 2021-09-01 2021-09-07
3.5
None Remote Medium ??? None Partial None
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.
1758 CVE-2020-20345 79 XSS 2021-09-01 2021-09-07
3.5
None Remote Medium ??? None Partial None
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.
1759 CVE-2020-20344 79 XSS 2021-09-01 2021-09-07
3.5
None Remote Medium ??? None Partial None
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module.
1760 CVE-2020-20285 79 XSS 2020-12-18 2020-12-22
3.5
None Remote Medium ??? None Partial None
There is an XSS in the user login page in zzcms 2019. Users can inject JS code through the Referer header via user/login.php.
1761 CVE-2020-20131 79 XSS 2021-09-29 2021-10-03
3.5
None Remote Medium ??? None Partial None
LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module.
1762 CVE-2020-20129 79 XSS 2021-09-29 2021-10-03
3.5
None Remote Medium ??? None Partial None
LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor.
1763 CVE-2020-19962 79 XSS 2021-10-14 2021-10-19
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.
1764 CVE-2020-19950 79 XSS 2021-09-23 2021-09-29
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
1765 CVE-2020-19949 79 XSS 2021-09-23 2021-09-29
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.
1766 CVE-2020-19924 79 XSS 2021-05-18 2021-05-24
3.5
None Remote Medium ??? None Partial None
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.
1767 CVE-2020-19887 79 XSS 2020-08-24 2020-08-25
3.5
None Remote Medium ??? None Partial None
DBHcms v1.2.0 has a stored XSS vulnerability because the $_POST['pageparam_insert_description'] variable is not passed through htmlspecialchars in dbhcms\mod\mod.page.edit.php line 227. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users.
1768 CVE-2020-19885 79 XSS 2020-08-24 2020-08-25
3.5
None Remote Medium ??? None Partial None
DBHcms v1.2.0 has a stored XSS vulnerability because the $_POST['pageparam_insert_name'] variable is not passed through htmlspecialchars in dbhcms\mod\mod.page.edit.php line 227. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users.
1769 CVE-2020-19884 79 XSS 2020-08-24 2020-08-25
3.5
None Remote Medium ??? None Partial None
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119.
1770 CVE-2020-19883 79 XSS 2020-08-24 2020-08-25
3.5
None Remote Medium ??? None Partial None
DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users.
1771 CVE-2020-19882 79 XSS 2020-08-24 2020-08-25
3.5
None Remote Medium ??? None Partial None
DBHcms v1.2.0 has a stored XSS vulnerability because the 'menu_description' variable is not passed through htmlspecialchars in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users.
1772 CVE-2020-19881 79 XSS 2020-08-24 2020-08-25
3.5
None Remote Medium ??? None Partial None
DBHcms v1.2.0 has a reflected XSS vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for the $_GET['return_name'] parameter. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users.
1773 CVE-2020-19704 79 XSS 2021-08-26 2021-09-01
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML.
1774 CVE-2020-19626 79 XSS 2021-03-26 2021-03-26
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
1775 CVE-2020-19619 79 XSS 2021-04-01 2021-04-02
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
1776 CVE-2020-19618 79 XSS 2021-04-01 2021-04-02
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
1777 CVE-2020-19617 79 XSS 2021-04-01 2021-04-02
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
1778 CVE-2020-19616 79 XSS 2021-04-01 2021-04-02
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
1779 CVE-2020-19553 79 XSS 2021-09-21 2021-09-29
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
1780 CVE-2020-19294 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
1781 CVE-2020-19293 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.
1782 CVE-2020-19292 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
1783 CVE-2020-19291 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.
1784 CVE-2020-19290 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
1785 CVE-2020-19289 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab.
1786 CVE-2020-19288 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.
1787 CVE-2020-19287 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title.
1788 CVE-2020-19286 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.
1789 CVE-2020-19285 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field.
1790 CVE-2020-19284 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.
1791 CVE-2020-19281 79 XSS 2021-09-09 2021-09-13
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field.
1792 CVE-2020-19268 352 CSRF 2021-09-09 2021-09-22
3.5
None Remote Medium ??? None Partial None
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.
1793 CVE-2020-19202 79 XSS 2021-06-17 2021-06-22
3.5
None Remote Medium ??? None Partial None
An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page.
1794 CVE-2020-19201 79 XSS 2021-07-12 2021-09-14
3.5
None Remote Medium ??? None Partial None
A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules.
1795 CVE-2020-19158 79 Exec Code XSS 2021-09-15 2021-09-22
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
1796 CVE-2020-19156 79 Exec Code XSS 2021-09-15 2021-09-22
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.
1797 CVE-2020-19148 79 Exec Code XSS 2021-09-15 2021-09-22
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
1798 CVE-2020-19118 79 XSS 2021-07-30 2021-08-03
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.
1799 CVE-2020-19049 79 XSS 2021-08-31 2021-09-07
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
1800 CVE-2020-19048 79 XSS 2021-08-31 2021-09-09
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.