CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45894 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-23374	1 5none	1 Nonecms	2024-11-21	5.4 Medium
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23373	1 5none	1 Nonecms	2024-11-21	5.4 Medium
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23371	1 5none	1 Nonecms	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
CVE-2020-23370	1 Yzmcms	1 Yzmcms	2024-11-21	5.4 Medium
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
CVE-2020-23369	1 Yzmcms	1 Yzmcms	2024-11-21	6.1 Medium
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
CVE-2020-23341	1 Atutor	1 Atutor	2024-11-21	6.1 Medium
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-23263	1 Fork-cms	1 Fork Cms	2024-11-21	6.1 Medium
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.
CVE-2020-23243	1 Naviwebs	1 Navigatecms	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
CVE-2020-23242	1 Naviwebs	1 Navigatecms	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
CVE-2020-23241	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
CVE-2020-23240	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
CVE-2020-23239	1 Textpattern	1 Textpattern	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
CVE-2020-23238	1 Evo	1 Evolution Cms	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
CVE-2020-23234	1 Lavalite	1 Lavalite	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
CVE-2020-23226	2 Cacti, Debian	2 Cacti, Debian Linux	2024-11-21	6.1 Medium
Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.
CVE-2020-23217	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module.
CVE-2020-23214	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module.
CVE-2020-23209	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module.
CVE-2020-23208	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
CVE-2020-23207	1 Phplist	1 Phplist	2024-11-21	5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module.

« first previous Page 1961 of 2295. next last »