Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5283 | 1 Viewvc | 1 Viewvc | 2024-11-21 | 2.1 LOW | 3.1 LOW |
|
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be chall ...
Show More |
|||||
| CVE-2020-5278 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 4.1 MEDIUM |
|
In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5
|
|||||
| CVE-2020-5277 | 1 Prestashop | 1 Faceted Search Module | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
|
PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. The problem is fixed in 3.5.0
|
|||||
| CVE-2020-5276 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 4.1 MEDIUM |
|
In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5
|
|||||
| CVE-2020-5273 | 1 Prestashop | 1 Prestashop Linklist | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
|
In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
|
|||||
| CVE-2020-5272 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 4.1 MEDIUM |
|
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5
|
|||||
| CVE-2020-5271 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 4.1 MEDIUM |
|
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
|
|||||
| CVE-2020-5269 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 4.1 MEDIUM |
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5
|
|||||
| CVE-2020-5267 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 3.5 LOW | 4.0 MEDIUM |
|
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
|
|||||
| CVE-2020-5266 | 1 Prestashop | 1 Prestashop Link | 2024-11-21 | 3.5 LOW | 4.4 MEDIUM |
|
In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0
|
|||||
| CVE-2020-5265 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 4.4 MEDIUM |
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
|
|||||
| CVE-2020-5264 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.3 MEDIUM | 4.4 MEDIUM |
|
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.
|
|||||
| CVE-2020-5241 | 1 Matestack | 1 Ui-core | 2024-11-21 | 3.5 LOW | 7.7 HIGH |
|
matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4.
|
|||||
| CVE-2020-5226 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-11-21 | 3.5 LOW | 4.4 MEDIUM |
|
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escap ...
Show More |
|||||
| CVE-2020-5223 | 1 Privatebin | 1 Privatebin | 2024-11-21 | 2.1 LOW | 6.1 MEDIUM |
|
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users.
|
|||||
| CVE-2020-5195 | 1 Cerberusftp | 1 Ftp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted b ...
Show More |
|||||
| CVE-2020-5193 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.
|
|||||
| CVE-2020-5191 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
|
|||||
| CVE-2020-5186 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).
|
|||||
| CVE-2020-5142 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
|
|||||
| CVE-2020-5031 | 1 Ibm | 6 Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management and 3 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.
|
|||||
| CVE-2020-5030 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737.
|
|||||
| CVE-2020-5004 | 1 Ibm | 9 Engineering Lifecycle Optimization - Engineering Insights, Engineering Requirements Quality Assistant On-premises, Engineering Test Management and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
|
|||||
| CVE-2020-5000 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952.
|
|||||
| CVE-2020-4997 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914
|
|||||
| CVE-2020-4987 | 1 Ibm | 2 Flashsystem 900, Flashsystem 900 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2020-4977 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470.
|
|||||
| CVE-2020-4975 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435.
|
|||||
| CVE-2020-4935 | 2 Ibm, Microsoft | 2 Datacap Navigator, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191753.
|
|||||
| CVE-2020-4933 | 3 Ibm, Linux, Microsoft | 3 Jazz Reporting Service, Linux Kernel, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751.
|
|||||
| CVE-2020-4929 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191706.
|
|||||
| CVE-2020-4920 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.
|
|||||
| CVE-2020-4916 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.
|
|||||
| CVE-2020-4910 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.
|
|||||
| CVE-2020-4909 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.
|
|||||
| CVE-2020-4895 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.
|
|||||
| CVE-2020-4892 | 1 Ibm | 1 Emptoris Contract Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979.
|
|||||
| CVE-2020-4866 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742.
|
|||||
| CVE-2020-4865 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
|
|||||
| CVE-2020-4863 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566.
|
|||||