CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-23835	1 Tailor Management System Project	1 Tailor Management System	2024-11-21	6.4 Medium
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.
CVE-2020-23832	1 Car Rental Management System Project	1 Car Rental Management System	2024-11-21	6.1 Medium
A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.
CVE-2020-23831	1 Stock Management System Project	1 Stock Management System	2024-11-21	6.4 Medium
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials.
CVE-2020-23814	1 Xuxueli	1 Xxl-job	2024-11-21	6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.
CVE-2020-23774	1 Winmail Project	1 Winmail	2024-11-21	6.1 Medium
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.
CVE-2020-23762	1 Larsens Calendar Project	1 Larsens Calendar	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.
CVE-2020-23761	1 Intelliants	1 Subrion	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.
CVE-2020-23754	1 Php-fusion	1 Phpfusion	2024-11-21	9.6 Critical
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.
CVE-2020-23721	1 Thedaylightstudio	1 Fuel Cms	2024-11-21	5.4 Medium
An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
CVE-2020-23719	1 Zibbs Project	1 Zibbs	2024-11-21	9.6 Critical
Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.
CVE-2020-23718	1 Zibbs Project	1 Zibbs	2024-11-21	9.6 Critical
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.
CVE-2020-23710	1 Limesurvey	1 Limesurvey	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
CVE-2020-23702	1 Php-fusion	1 Php-fusion	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
CVE-2020-23700	1 Lavalite	1 Lavalite	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
CVE-2020-23697	1 Monstra	1 Monstra Cms	2024-11-21	5.4 Medium
Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.
CVE-2020-23689	1 Yfcmf	1 Yfcmf	2024-11-21	4.8 Medium
In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page.
CVE-2020-23660	1 Webtareas Project	1 Webtareas	2024-11-21	5.4 Medium
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."
CVE-2020-23659	1 Webport	1 Web Port	2024-11-21	5.4 Medium
WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature.
CVE-2020-23658	1 Php-fusion	1 Php-fusion	2024-11-21	5.4 Medium
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php.
CVE-2020-23657	1 Naviwebs	1 Navigatecms	2024-11-21	5.4 Medium
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."

« first previous Page 1773 of 2148. next last »