Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 17,416 matching records.
Displaying matches 621 through 640.
Vuln ID Summary CVSS Severity
CVE-2020-35946

An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.

Published: December 31, 2020; 11:15:13 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-35944

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.

Published: December 31, 2020; 11:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35937

Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.

Published: December 31, 2020; 9:15:13 PM -0500
V3.1: 8.0 HIGH
V2.0: 6.0 MEDIUM
CVE-2020-35936

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.

Published: December 31, 2020; 9:15:13 PM -0500
V3.1: 8.0 HIGH
V2.0: 6.0 MEDIUM
CVE-2020-35933

A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.

Published: December 31, 2020; 9:15:13 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 3.5 LOW
CVE-2020-35930

Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.

Published: December 31, 2020; 3:15:12 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-25011

NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.

Published: December 31, 2020; 3:15:12 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-25799

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Published: December 31, 2020; 1:15:13 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-25797

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant is being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Published: December 31, 2020; 1:15:13 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-35741

HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-35740

HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-26296

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega is an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute arbitrary JavaScript on a victim's machine. This is fixed in version 5.17.3.

Published: December 30, 2020; 6:15:15 PM -0500
V3.1: 8.7 HIGH
V2.0: 3.5 LOW
CVE-2019-16747

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.

Published: December 30, 2020; 4:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-29231

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name, and each time the admin visits the Profile page from the admin panel, the XSS triggers.

Published: December 30, 2020; 2:15:13 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-29230

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user. This vulnerability can result in the attacker injecting the XSS payload in the User Registration section, and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie according to the crafted payload.

Published: December 30, 2020; 2:15:13 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-28365

** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published: December 30, 2020; 2:15:13 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-5810

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which acts as a stored XSS payload.

Published: December 30, 2020; 11:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-5809

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.

Published: December 30, 2020; 11:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-35241

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user goes to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.

Published: December 30, 2020; 10:15:13 AM -0500
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2020-35240

FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content", and each time any user visits the blog, the XSS triggers and the attacker can steal the cookie according to the crafted payload.

Published: December 30, 2020; 10:15:13 AM -0500
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW