5207 matches found
CVE-2020-23205
A stored cross site scripting XSS vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module...
CVE-2020-23217
CVE-2020-23217 is a stored XSS vulnerability in phpList 3.5.3. The flaw occurs in the Import Emails module’s Add a list field, where crafted input can execute arbitrary web scripts/HTML on the affected page. Consequences include user-held scripts running in the context of phplist, with potential ...
CVE-2020-23217
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module...
CVE-2020-23214
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module...
CVE-2020-23209
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module...
CVE-2020-23207
CVE-2020-23207 describes a stored cross-site scripting (XSS) vulnerability in phplist 3.5.3. The issue is triggered by user-supplied payloads entered into the Edit Values field under the Configure Attributes module, allowing attackers to inject arbitrary web scripts/HTML. The connected documents ...
CVE-2020-23205
A stored cross site scripting XSS vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module...
CVE-2020-23962
A cross site scripting XSS vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcementgonggao" parameter...
Cross site scripting
A cross site scripting XSS vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcementgonggao" parameter...
CVE-2021-34243
A stored cross site scripting XSS vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file...
Cross site scripting
A stored cross site scripting XSS vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file...
CVE-2020-26693
A stored cross-site scripting XSS vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the loadbalancermonitor.php function...
CVE-2020-27377
A cross-site scripting XSS vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts...
CVE-2020-26669
A stored cross-site scripting XSS vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...
CVE-2020-26669
A stored cross-site scripting XSS vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...
CVE-2020-26693
A stored cross-site scripting XSS vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the loadbalancermonitor.php function...
Cross site scripting
A cross-site scripting XSS vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts...
CVE-2020-27377
CMS Made Simple 2.2.14 is affected by a cross-site scripting (XSS) vulnerability in the Administrator panel, specifically in the 'Setting News' module, allowing execution of arbitrary web scripts. The issue is triggered via user-supplied input and can impact integrity and confidentiality per CVE ...
CVE-2020-27377
A cross-site scripting XSS vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts...
CVE-2020-26693
A stored cross-site scripting XSS vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the loadbalancermonitor.php function...