Lucene search
K

2465 matches found

Prion
Prion
added 2021/07/02 6:15 p.m.12 views

Cross site scripting

A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module...

3.5CVSS5.3AI score0.00528EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/07/02 5:51 p.m.28 views

CVE-2020-36415

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module...

5.3AI score0.00473EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/07/02 5:51 p.m.24 views

CVE-2020-36413

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module...

5.3AI score0.00473EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/07/02 5:51 p.m.38 views

CVE-2020-36412

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module...

5.3AI score0.00473EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/07/02 5:51 p.m.24 views

CVE-2020-23190

A stored cross site scripting XSS vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.5AI score0.00512EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/07/02 5:51 p.m.33 views

CVE-2020-23184

A stored cross site scripting XSS vulnerability in /administration/settingsregistration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field...

5.2AI score0.00447EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/07/02 5:51 p.m.24 views

CVE-2020-23181

A reflected cross site scripting XSS vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field...

5.3AI score0.00447EPSS
Exploits1References1
OSV
OSV
added 2021/07/01 9:15 p.m.11 views

CVE-2020-23217

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module...

5.4CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added 2021/07/01 8:9 p.m.22 views

CVE-2020-23205

A stored cross site scripting XSS vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module...

6AI score0.00531EPSS
Exploits1References1
NVD
NVD
added 2021/06/23 7:15 p.m.26 views

CVE-2020-23962

A cross site scripting XSS vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcementgonggao" parameter...

6.1CVSS0.00662EPSS
Exploits1References1
OSV
OSV
added 2021/06/22 2:15 p.m.9 views

CVE-2021-34243

A stored cross site scripting XSS vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file...

5.4CVSS5.6AI score
Exploits0References1
Prion
Prion
added 2021/06/22 2:15 p.m.15 views

Cross site scripting

A stored cross site scripting XSS vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file...

3.5CVSS5.4AI score0.00595EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2021/06/01 3:15 p.m.25 views

CVE-2020-26669

A stored cross-site scripting XSS vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...

5.4CVSS0.00604EPSS
Exploits1References1
NVD
NVD
added 2021/06/01 3:15 p.m.25 views

CVE-2020-27377

A cross-site scripting XSS vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts...

4.8CVSS0.00534EPSS
Exploits1References1
OSV
OSV
added 2021/06/01 3:15 p.m.14 views

CVE-2020-26669

A stored cross-site scripting XSS vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...

5.4CVSS5.4AI score0.00604EPSS
Exploits1References1
Prion
Prion
added 2021/06/01 3:15 p.m.14 views

Cross site scripting

A cross-site scripting XSS vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts...

3.5CVSS5AI score0.00534EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/06/01 2:57 p.m.22 views

CVE-2020-27377

A cross-site scripting XSS vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts...

5.1AI score0.00534EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/31 12:0 a.m.4 views

iCMS Cross-Site Request Forgery Vulnerability (CNVD-2021-43532)

iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in iCMS version 7.0.16. An attacker can exploit this vulnerability to execute arbitrary web scripts...

8.8CVSS7.4AI score0.00518EPSS
Exploits1References1
OSV
OSV
added 2021/05/28 8:15 p.m.2 views

CVE-2020-26641

A Cross Site Request Forgery CSRF vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts...

8.8CVSS6AI score0.00518EPSS
Exploits1References1
Prion
Prion
added 2021/05/28 8:15 p.m.9 views

Cross site request forgery (csrf)

A Cross Site Request Forgery CSRF vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts...

6.8CVSS8.8AI score0.00518EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder