CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1201 CVE-2020-10430 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload.
1202 CVE-2020-10429 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload.
1203 CVE-2020-10428 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload.
1204 CVE-2020-10427 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload.
1205 CVE-2020-10426 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload.
1206 CVE-2020-10425 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload.
1207 CVE-2020-10424 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload.
1208 CVE-2020-10423 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload.
1209 CVE-2020-10422 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload.
1210 CVE-2020-10421 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload.
1211 CVE-2020-10420 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload.
1212 CVE-2020-10419 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload.
1213 CVE-2020-10418 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload.
1214 CVE-2020-10417 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload.
1215 CVE-2020-10416 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload.
1216 CVE-2020-10415 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload.
1217 CVE-2020-10414 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload.
1218 CVE-2020-10413 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload.
1219 CVE-2020-10412 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload.
1220 CVE-2020-10411 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload.
1221 CVE-2020-10410 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload.
1222 CVE-2020-10409 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload.
1223 CVE-2020-10408 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload.
1224 CVE-2020-10407 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload.
1225 CVE-2020-10406 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload.
1226 CVE-2020-10405 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload.
1227 CVE-2020-10404 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload.
1228 CVE-2020-10403 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload.
1229 CVE-2020-10402 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload.
1230 CVE-2020-10401 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload.
1231 CVE-2020-10400 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload.
1232 CVE-2020-10399 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload.
1233 CVE-2020-10398 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload.
1234 CVE-2020-10397 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload.
1235 CVE-2020-10396 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload.
1236 CVE-2020-10395 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload.
1237 CVE-2020-10394 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.
1238 CVE-2020-10393 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload.
1239 CVE-2020-10392 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload.
1240 CVE-2020-10391 79 XSS 2020-03-12 2020-03-26
3.5
None Remote Medium ??? None Partial None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.
1241 CVE-2020-10385 79 XSS 2020-03-24 2020-03-25
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
1242 CVE-2020-10372 79 XSS 2020-03-10 2020-03-12
3.5
None Remote Medium ??? None Partial None
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI.
1243 CVE-2020-10268 2020-06-16 2020-06-23
3.6
None Local Low Not required None Partial Partial
Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs.
1244 CVE-2020-10236 20 2020-03-09 2020-03-09
3.6
None Local Low Not required Partial None Partial
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
1245 CVE-2020-10206 798 2020-12-30 2021-01-14
3.6
None Local Low Not required Partial Partial None
Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device.
1246 CVE-2020-10203 79 XSS 2020-04-01 2020-04-02
3.5
None Remote Medium ??? None Partial None
Sonatype Nexus Repository before 3.21.2 allows XSS.
1247 CVE-2020-10191 79 XSS 2020-03-09 2020-03-10
3.5
None Remote Medium ??? None Partial None
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail.
1248 CVE-2020-10146 79 Exec Code XSS +Info 2020-12-09 2020-12-10
3.5
None Remote Medium ??? None Partial None
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.
1249 CVE-2020-10107 79 XSS 2020-03-05 2020-03-05
3.5
None Remote Medium ??? None Partial None
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php.
1250 CVE-2020-10103 79 Exec Code XSS 2020-03-05 2020-03-05
3.5
None Remote Medium ??? None Partial None
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploaded file with an active Zammad session.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.