5207 matches found
CVE-2020-36414
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL slug" or "Extra" fields under the "Add Article" feature...
CVE-2020-36398
A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...
CVE-2020-23194
A stored cross site scripting XSS vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-36411
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the pageimage tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module...
CVE-2020-36399
A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module...
CVE-2020-36413
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module...
CVE-2020-36395
A stored cross site scripting XSS vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter...
CVE-2020-23194
A stored cross site scripting XSS vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-36410
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module...
Cross site scripting
A stored cross site scripting XSS vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter...
Cross site scripting
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module...
Cross site scripting
A stored cross site scripting XSS vulnerability in /administration/settingsecurity.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...
Cross site scripting
A stored cross site scripting XSS vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A stored cross site scripting XSS vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter...
Cross site scripting
A reflected cross site scripting XSS vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field...
Cross site scripting
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module...
Cross site scripting
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module...
Cross site scripting
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module...
Cross site scripting
A stored cross site scripting XSS vulnerability in /administration/settingsregistration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field...