Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6184 | 1 Sap | 2 Netweaver, S\/4hana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2020-6171 | 1 Communilink | 1 Clink Office | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
|||||
| CVE-2020-6163 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).
|
|||||
| CVE-2020-6159 | 1 Opera | 1 Opera | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.
|
|||||
| CVE-2020-5950 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
|
|||||
| CVE-2020-5948 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
|
|||||
| CVE-2020-5945 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 8.5 HIGH | 8.4 HIGH |
|
In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.
|
|||||
| CVE-2020-5940 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.
|
|||||
| CVE-2020-5932 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened.
|
|||||
| CVE-2020-5927 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting.
|
|||||
| CVE-2020-5915 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust.
|
|||||
| CVE-2020-5905 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 6.0 MEDIUM | 4.3 MEDIUM |
|
In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.
|
|||||
| CVE-2020-5903 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
|
|||||
| CVE-2020-5901 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
|
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.
|
|||||
| CVE-2020-5889 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client.
|
|||||
| CVE-2020-5853 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.
|
|||||
| CVE-2020-5843 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
|
|||||
| CVE-2020-5842 | 1 Codologic | 1 Codoforum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
|
|||||
| CVE-2020-5838 | 1 Symantec | 1 It Analytics | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users.
|
|||||
| CVE-2020-5810 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.
|
|||||
| CVE-2020-5809 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.
|
|||||
| CVE-2020-5785 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter.
|
|||||
| CVE-2020-5781 | 1 Ignitenet | 1 Helios Glinq | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users.
|
|||||
| CVE-2020-5769 | 1 Teltonika-networks | 2 Gateway Trb245, Gateway Trb245 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section.
|
|||||
| CVE-2020-5765 | 1 Tenable | 1 Nessus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0.
|
|||||
| CVE-2020-5751 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.
|
|||||
| CVE-2020-5750 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
|
|||||
| CVE-2020-5749 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.
|
|||||
| CVE-2020-5748 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
|
|||||
| CVE-2020-5747 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
|
|||||
| CVE-2020-5746 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
|
|||||
| CVE-2020-5737 | 1 Tenable | 1 Tenable.sc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue.
|
|||||
| CVE-2020-5731 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting.
|
|||||
| CVE-2020-5730 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.
|
|||||
| CVE-2020-5729 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue.
|
|||||
| CVE-2020-5728 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting.
|
|||||
| CVE-2020-5678 | 1 Weseek | 1 Growi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.
|
|||||
| CVE-2020-5677 | 1 Weseek | 1 Growi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.
|
|||||
| CVE-2020-5669 | 1 Sixapart | 1 Movable Type | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
|
|||||
| CVE-2020-5663 | 1 Riken | 1 Xoonips | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
|
Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors.
|
|||||