Search Results (362508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-23984 1 Online Hotel Booking System Pro Project 1 Online Hotel Booking System Pro 2024-11-21 5.4 Medium
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.
CVE-2020-23983 1 Ichat Project 1 Ichat 2024-11-21 5.4 Medium
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat, text-field tags.
CVE-2020-23982 1 Designmasterevents 1 Conference Management Cms 2024-11-21 6.1 Medium
DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php'
CVE-2020-23981 1 13enforme 1 13enforme Cms 2024-11-21 6.1 Medium
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter.
CVE-2020-23980 1 Designmasterevents 1 Conference Management 2024-11-21 9.8 Critical
DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page.
CVE-2020-23979 1 13enforme 1 13enforme Cms 2024-11-21 9.8 Critical
13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter.
CVE-2020-23978 1 Soluzioneglobale 1 Ecommerce Cms 2024-11-21 9.8 Critical
SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter "offerta.php"
CVE-2020-23977 1 Kandnconcepts Club Cms Project 1 Kandnconcepts Club Cms 2024-11-21 6.1 Medium
KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter.
CVE-2020-23976 1 Webexcels 1 Ecommerce Cms 2024-11-21 9.8 Critical
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.
CVE-2020-23975 1 Webexcels 1 Ecommerce Cms 2024-11-21 6.1 Medium
Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.
CVE-2020-23974 1 Create-project Manager Project 1 Create-project Manager 2024-11-21 5.4 Medium
Create-Project Manager 1.07 has multiple persistent Cross-site Scripting and HTML injection issues via Online chat, Social feed, Message (title-tag), Add new client (all-tags).
CVE-2020-23973 1 Kandnconcepts Club Cms Project 1 Kandnconcepts Club Cms 2024-11-21 9.8 Critical
KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter.
CVE-2020-23972 1 Gmapfp 1 Gmapfp 2024-11-21 7.5 High
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files due to unrestricted file upload issues, where the restrictions can be bypassed by changing the content-type and changing the file name to use double extensions.
CVE-2020-23971 1 Gmapfp 1 Gmapfp 2024-11-21 7.5 High
gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and can also upload files due to unrestricted file upload issues, where the restrictions can be bypassed by changing the content-type and changing the file name to use double extensions.
CVE-2020-23968 1 Ilex 1 International Sign&go 2024-11-21 7.8 High
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
CVE-2020-23967 1 Drweb 1 Security Space 2024-11-21 7.8 High
Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.
CVE-2020-23962 1 Catfish-cms 1 Catfish Cms 2024-11-21 6.1 Medium
A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter.
CVE-2020-23960 1 Fork-cms 1 Fork Cms 2024-11-21 8.8 High
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allow remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restore a deleted user, (3) install or run modules, (4) reset the analytics, (5) ping the mailmotor api, (6) upload things to the media library, (7) export locale.
CVE-2020-23957 1 Pega 1 Pega Platform 2024-11-21 6.1 Medium
Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.
CVE-2020-23945 1 Victor Cms Project 1 Victor Cms 2024-11-21 7.5 High
A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database.