CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1151 CVE-2020-10684 94 2020-03-24 2020-06-13
3.6
None Local Low Not required None Partial Partial
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
1152 CVE-2020-10681 79 XSS 2020-03-20 2020-03-25
3.5
None Remote Medium ??? None Partial None
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
1153 CVE-2020-10643 79 XSS 2020-07-27 2020-08-05
3.5
None Remote Medium ??? None Partial None
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component.
1154 CVE-2020-10614 79 XSS 2020-07-25 2020-08-05
3.5
None Remote Medium ??? None Partial None
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display.
1155 CVE-2020-10602 476 2020-07-24 2020-08-05
3.5
None Remote Medium ??? None None Partial
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive.
1156 CVE-2020-10598 200 +Info 2020-04-01 2020-04-03
3.6
None Local Low Not required Partial Partial None
In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.
1157 CVE-2020-10596 79 XSS 2020-03-17 2020-06-03
3.5
None Remote Medium ??? None Partial None
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
1158 CVE-2020-10570 287 Bypass 2020-03-24 2020-03-26
3.6
None Local Low Not required Partial Partial None
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature.
1159 CVE-2020-10477 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
1160 CVE-2020-10476 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
1161 CVE-2020-10475 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
1162 CVE-2020-10474 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
1163 CVE-2020-10473 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
1164 CVE-2020-10472 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
1165 CVE-2020-10471 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
1166 CVE-2020-10470 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
1167 CVE-2020-10469 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
1168 CVE-2020-10468 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
1169 CVE-2020-10467 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
1170 CVE-2020-10466 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
1171 CVE-2020-10465 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
1172 CVE-2020-10464 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
1173 CVE-2020-10463 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
1174 CVE-2020-10462 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
1175 CVE-2020-10456 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload.
1176 CVE-2020-10455 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload.
1177 CVE-2020-10454 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload.
1178 CVE-2020-10453 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload.
1179 CVE-2020-10452 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload.
1180 CVE-2020-10451 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload.
1181 CVE-2020-10450 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload.
1182 CVE-2020-10449 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload.
1183 CVE-2020-10448 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload.
1184 CVE-2020-10447 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload.
1185 CVE-2020-10446 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload.
1186 CVE-2020-10445 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload.
1187 CVE-2020-10444 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload.
1188 CVE-2020-10443 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload.
1189 CVE-2020-10442 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload.
1190 CVE-2020-10441 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload.
1191 CVE-2020-10440 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload.
1192 CVE-2020-10439 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload.
1193 CVE-2020-10438 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload.
1194 CVE-2020-10437 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload.
1195 CVE-2020-10436 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload.
1196 CVE-2020-10435 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload.
1197 CVE-2020-10434 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload.
1198 CVE-2020-10433 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload.
1199 CVE-2020-10432 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload.
1200 CVE-2020-10431 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload.