CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1801 CVE-2020-18693 79 Exec Code XSS 2021-08-06 2021-08-13
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'.
1802 CVE-2020-18671 79 XSS 2021-06-24 2021-06-29
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
1803 CVE-2020-18670 79 XSS 2021-06-24 2021-06-29
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php.
1804 CVE-2020-18668 79 XSS 2021-06-24 2021-07-01
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the description parameter to script/listcalls.
1805 CVE-2020-18664 79 XSS 2021-06-24 2021-07-20
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the connection name parameter in type-conn.
1806 CVE-2020-18475 79 Exec Code XSS 2021-08-26 2021-08-27
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in Hucart CMS 5.7.4 via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed.
1807 CVE-2020-18470 79 XSS 2021-08-26 2021-08-27
3.5
None Remote Medium ??? None Partial None
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.
1808 CVE-2020-18469 79 XSS 2021-08-26 2021-08-27
3.5
None Remote Medium ??? None Partial None
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.
1809 CVE-2020-18468 79 XSS 2021-08-26 2021-08-27
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration.
1810 CVE-2020-18467 79 XSS 2021-08-26 2021-08-27
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.
1811 CVE-2020-18464 352 CSRF 2021-08-12 2021-08-17
3.5
None Remote Medium ??? None Partial None
Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.
1812 CVE-2020-18463 352 CSRF 2021-08-12 2021-08-17
3.5
None Remote Medium ??? None Partial None
Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.
1813 CVE-2020-18456 79 XSS 2021-08-12 2021-08-16
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php.
1814 CVE-2020-18455 79 XSS 2021-08-12 2021-08-25
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php.
1815 CVE-2020-18451 79 XSS 2021-08-12 2021-08-13
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.
1816 CVE-2020-18449 79 XSS 2021-08-12 2021-08-13
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php.
1817 CVE-2020-18446 79 XSS 2021-08-12 2021-08-13
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.
1818 CVE-2020-18230 79 Exec Code XSS 2021-05-27 2021-05-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component "/admin/web_config.php".
1819 CVE-2020-18229 79 Exec Code XSS 2021-05-27 2021-05-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component "/admin/web_config.php".
1820 CVE-2020-18167 79 Exec Code XSS 2021-05-14 2021-05-21
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
1821 CVE-2020-18165 79 Exec Code XSS 2021-05-12 2021-05-18
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".
1822 CVE-2020-18158 79 XSS 2021-07-30 2021-08-03
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php.
1823 CVE-2020-18126 79 XSS 2021-08-30 2021-09-02
3.5
None Remote Medium ??? None Partial None
Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allow attackers to execute arbitrary web scripts or HTML.
1824 CVE-2020-18065 79 XSS 2021-08-25 2021-09-07
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu.
1825 CVE-2020-17551 79 Exec Code XSS 2020-10-07 2020-10-14
3.5
None Remote Medium ??? None Partial None
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.
1826 CVE-2020-17542 79 Exec Code XSS 2021-04-23 2021-04-30
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.
1827 CVE-2020-17526 269 2020-12-21 2021-07-21
3.5
None Remote Medium ??? Partial None None
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.
1828 CVE-2020-17458 79 XSS 2020-09-02 2020-09-08
3.5
None Remote Medium ??? None Partial None
A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field.
1829 CVE-2020-17457 79 XSS 2021-03-17 2021-03-25
3.5
None Remote Medium ??? None Partial None
Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages.
1830 CVE-2020-17451 79 XSS 2020-08-09 2020-08-10
3.5
None Remote Medium ??? None Partial None
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter.
1831 CVE-2020-17449 79 XSS 2020-08-12 2020-08-13
3.5
None Remote Medium ??? None Partial None
PHP-Fusion 9.03 allows XSS via the error_log file.
1832 CVE-2020-17409 288 2020-10-13 2020-12-03
3.3
None Local Network Low Not required Partial None None
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754.
1833 CVE-2020-17373 89 Sql 2020-08-12 2020-10-28
3.5
None Remote Medium ??? Partial None None
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
1834 CVE-2020-17372 79 XSS 2020-08-12 2020-08-13
3.5
None Remote Medium ??? None Partial None
SugarCRM before 10.1.0 (Q3 2020) allows XSS.
1835 CVE-2020-17147 79 XSS 2020-12-10 2021-03-03
3.5
None Remote Medium ??? None Partial None
Dynamics CRM Webclient Cross-site Scripting Vulnerability
1836 CVE-2020-17083 79 Exec Code XSS 2020-11-11 2020-11-17
3.5
None Remote Medium ??? None Partial None
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17084.
1837 CVE-2020-17021 79 XSS 2020-11-11 2020-11-16
3.5
None Remote Medium ??? None Partial None
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17018.
1838 CVE-2020-17018 79 XSS 2020-11-11 2020-11-16
3.5
None Remote Medium ??? None Partial None
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17021.
1839 CVE-2020-17006 79 XSS 2020-11-11 2020-11-16
3.5
None Remote Medium ??? None Partial None
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. This CVE ID is unique from CVE-2020-17005, CVE-2020-17018, CVE-2020-17021.
1840 CVE-2020-17005 79 XSS 2020-11-11 2020-11-16
3.5
None Remote Medium ??? None Partial None
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. This CVE ID is unique from CVE-2020-17006, CVE-2020-17018, CVE-2020-17021.
1841 CVE-2020-16978 79 XSS 2020-10-16 2020-10-20
3.5
None Remote Medium ??? None Partial None
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16956.
1842 CVE-2020-16956 79 XSS 2020-10-16 2020-10-20
3.5
None Remote Medium ??? None Partial None
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16978.
1843 CVE-2020-16946 79 XSS 2020-10-16 2020-10-20
3.5
None Remote Medium ??? None Partial None
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16945.
1844 CVE-2020-16945 79 XSS 2020-10-16 2020-10-20
3.5
None Remote Medium ??? None Partial None
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16946.
1845 CVE-2020-16944 79 XSS 2020-10-16 2020-10-20
3.5
None Remote Medium ??? None Partial None
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.
1846 CVE-2020-16943 863 2020-10-16 2021-07-21
3.3
None Local Network Low Not required None Partial None
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce, aka 'Dynamics 365 Commerce Elevation of Privilege Vulnerability'.
1847 CVE-2020-16878 79 XSS 2020-09-11 2020-09-13
3.5
None Remote Medium ??? None Partial None
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872.
1848 CVE-2020-16877 269 2020-10-16 2021-07-21
3.6
None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points, aka 'Windows Elevation of Privilege Vulnerability'.
1849 CVE-2020-16872 79 XSS 2020-09-11 2020-09-13
3.5
None Remote Medium ??? None Partial None
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16878.
1850 CVE-2020-16871 79 XSS 2020-09-11 2020-09-13
3.5
None Remote Medium ??? None Partial None
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16872, CVE-2020-16878.