CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2020-35822 79 XSS 2020-12-30 2020-12-31
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
502 CVE-2020-35821 79 XSS 2020-12-30 2020-12-31
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR700 before 1.0.1.10.
503 CVE-2020-35820 79 XSS 2020-12-30 2020-12-31
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
504 CVE-2020-35819 79 XSS 2020-12-30 2020-12-31
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
505 CVE-2020-35818 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
506 CVE-2020-35817 79 XSS 2020-12-30 2020-12-31
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
507 CVE-2020-35816 79 XSS 2020-12-30 2020-12-31
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
508 CVE-2020-35815 79 XSS 2020-12-30 2020-12-31
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
509 CVE-2020-35814 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
510 CVE-2020-35813 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, XR700 before 1.0.1.10, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, and RAX120 before 1.0.0.78.
511 CVE-2020-35812 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
512 CVE-2020-35811 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
513 CVE-2020-35810 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
514 CVE-2020-35809 79 XSS 2020-12-30 2020-12-31
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
515 CVE-2020-35808 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66.
516 CVE-2020-35807 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78.
517 CVE-2020-35806 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78.
518 CVE-2020-35805 79 XSS 2020-12-30 2020-12-31
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
519 CVE-2020-35752 79 XSS 2021-03-10 2021-03-16
3.5
None Remote Medium ??? None Partial None
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
520 CVE-2020-35748 79 XSS 2021-01-15 2021-01-21
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.
521 CVE-2020-35727 79 XSS 2021-01-11 2021-01-11
3.5
None Remote Medium ??? None Partial None
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
522 CVE-2020-35724 79 XSS 2021-01-11 2021-01-11
3.5
None Remote Medium ??? None Partial None
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
523 CVE-2020-35723 79 XSS 2021-01-11 2021-01-11
3.5
None Remote Medium ??? None Partial None
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
524 CVE-2020-35721 79 XSS 2021-01-11 2021-01-11
3.5
None Remote Medium ??? None Partial None
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
525 CVE-2020-35720 79 XSS 2021-01-11 2021-01-11
3.5
None Remote Medium ??? None Partial None
** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
526 CVE-2020-35717 79 Exec Code XSS 2021-01-01 2021-01-07
3.5
None Remote Medium ??? None Partial None
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
527 CVE-2020-35707 79 XSS 2020-12-25 2020-12-28
3.5
None Remote Medium ??? None Partial None
Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.
528 CVE-2020-35706 79 XSS 2020-12-25 2020-12-28
3.5
None Remote Medium ??? None Partial None
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.
529 CVE-2020-35705 79 XSS 2020-12-25 2020-12-28
3.5
None Remote Medium ??? None Partial None
Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen.
530 CVE-2020-35704 79 XSS 2020-12-25 2020-12-28
3.5
None Remote Medium ??? None Partial None
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen.
531 CVE-2020-35677 79 XSS CSRF 2020-12-24 2020-12-28
3.5
None Remote Medium ??? None Partial None
BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payload. One might think this completely mitigates the privilege-escalation impact as there is only one high-privileged role. However, it was discovered that the endpoint responsible for creating the group lacks CSRF protection.
532 CVE-2020-35660 79 XSS 2021-04-14 2021-04-19
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.
533 CVE-2020-35592 79 XSS 2021-02-18 2021-02-24
3.5
None Remote Medium ??? None Partial None
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.
534 CVE-2020-35589 79 XSS 2020-12-21 2020-12-22
3.5
None Remote Medium ??? None Partial None
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.
535 CVE-2020-35582 79 XSS 2021-01-15 2021-01-15
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.
536 CVE-2020-35581 79 XSS 2021-01-15 2021-01-15
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.
537 CVE-2020-35563 79 XSS 2021-02-16 2021-02-19
3.5
None Remote Medium ??? None Partial None
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.
538 CVE-2020-35482 79 XSS 2021-02-03 2021-02-04
3.5
None Remote Medium ??? None Partial None
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
539 CVE-2020-35418 79 XSS 2021-04-14 2021-04-19
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
540 CVE-2020-35391 416 +Info 2021-01-01 2021-01-07
3.3
None Local Network Low Not required Partial None None
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
541 CVE-2020-35349 79 XSS 2020-12-26 2020-12-29
3.5
None Remote Medium ??? None Partial None
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).
542 CVE-2020-35346 79 XSS 2020-12-26 2020-12-28
3.5
None Remote Medium ??? None Partial None
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.
543 CVE-2020-35328 79 XSS 2021-03-04 2021-03-04
3.5
None Remote Medium ??? None Partial None
Courier Management System 1.0 - 'First Name' Stored XSS
544 CVE-2020-35309 79 XSS 2021-01-26 2021-02-01
3.5
None Remote Medium ??? None Partial None
Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories".
545 CVE-2020-35275 79 XSS 2020-12-21 2020-12-21
3.5
None Remote Medium ??? None Partial None
Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application.
546 CVE-2020-35274 79 +Priv XSS 2020-12-21 2020-12-21
3.5
None Remote Medium ??? None Partial None
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.
547 CVE-2020-35272 79 XSS 2021-01-20 2021-01-27
3.5
None Remote Medium ??? None Partial None
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
548 CVE-2020-35271 79 XSS 2021-01-20 2021-01-27
3.5
None Remote Medium ??? None Partial None
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.
549 CVE-2020-35241 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
550 CVE-2020-35240 79 XSS 2020-12-30 2021-01-04
3.5
None Remote Medium ??? None Partial None
FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.