CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-19703	1 Dzzoffice	1 Dzzoffice	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-19683	1 Zzzcms	1 Zzzcms	2024-11-21	5.4 Medium
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.
CVE-2020-19643	1 Insma	2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page.
CVE-2020-19626	1 Craftcms	1 Craft Cms	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
CVE-2020-19619	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVE-2020-19618	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVE-2020-19617	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
CVE-2020-19616	1 Mblog Project	1 Mblog	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
CVE-2020-19611	1 Racktables Project	1 Racktables	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
CVE-2020-19587	1 Idera	1 Yellowfin Business Intelligence	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.
CVE-2020-19586	1 Yellowfinbi	1 Business Intelligence	2024-11-21	9.0 Critical
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.
CVE-2020-19554	1 Manageengine	1 Opmanager	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.
CVE-2020-19553	1 Wuzhicms	1 Wuzhicms	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
CVE-2020-19515	1 Qdpm	1 Qdpm	2024-11-21	6.1 Medium
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
CVE-2020-19511	1 Typesettercms	1 Typesetter	2024-11-21	6.1 Medium
Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes,
CVE-2020-19362	1 Vtiger	1 Vtiger Crm	2024-11-21	6.1 Medium
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
CVE-2020-19361	1 Medintux	1 Medintux	2024-11-21	6.1 Medium
Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
CVE-2020-19295	1 Jeesns	1 Jeesns	2024-11-21	6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19294	1 Jeesns	1 Jeesns	2024-11-21	5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
CVE-2020-19293	1 Jeesns	1 Jeesns	2024-11-21	5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.

« first previous Page 1786 of 2148. next last »