Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28001 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | | | | | |
| CVE-2020-27991 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | | | | | |
| CVE-2020-27990 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | | | | | |
| CVE-2020-27989 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | | | | | |
| CVE-2020-27988 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | | | | | |
| CVE-2020-27982 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp 11.4.5.0 allows XSS via the language parameter. | | | | | |
| CVE-2020-27980 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. | | | | | |
| CVE-2020-27974 | 1 Quadient | 1 Mail Accounting | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS. | | | | | |
| CVE-2020-27957 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension. | | | | | |
| CVE-2020-27885 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access. | | | | | |
| CVE-2020-27852 | 1 Rocketgenius | 1 Gravityforms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | | | | | |
| CVE-2020-27851 | 1 Rocketgenius | 1 Gravityforms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | | | | | |
| CVE-2020-27850 | 1 Rocketgenius | 1 Gravityforms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | | | | | |
| CVE-2020-27832 | 1 Redhat | 1 Quay | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
| A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | | | | | |
| CVE-2020-27741 | 1 Citadel | 1 Webcit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. | | | | | |
| CVE-2020-27735 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. | | | | | |
| CVE-2020-27726 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | | | | | |
| CVE-2020-27719 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | | | | | |
| CVE-2020-27691 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. | | | | | |
| CVE-2020-27666 | 1 Strapi | 1 Strapi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | | | | | |
| CVE-2020-27659 | 1 Synology | 1 Safeaccess | 2024-11-21 | 3.5 LOW | 8.4 HIGH |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. | | | | | |
| CVE-2020-27642 | 1 Bigbluebutton | 1 Greenlight | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. | | | | | |
| CVE-2020-27620 | 1 Mediawiki | 1 Skin\ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups. | | | | | |
| CVE-2020-27608 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. | | | | | |
| CVE-2020-27576 | 1 Maxum | 1 Rumpus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability. | | | | | |
| CVE-2020-27533 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | | | | | |
| CVE-2020-27515 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. | | | | | |
| CVE-2020-27509 | 1 Galaxkey | 1 Galaxkey | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox. | | | | | |
| CVE-2020-27478 | | | 2024-11-21 | N/A | 7.1 HIGH |
| Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature. | | | | | |
| CVE-2020-27459 | 1 Chronoengine | 1 Chronoforums | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed. | | | | | |
| CVE-2020-27449 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | | | | | |
| CVE-2020-27428 | 1 Mit | 1 Scratch-svg-renderer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. | | | | | |
| CVE-2020-27409 | 1 Os4ed | 1 Opensis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. | | | | | |
| CVE-2020-27406 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname. | | | | | |
| CVE-2020-27388 | 1 Yourls | 1 Yourls | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues. | | | | | |
| CVE-2020-27377 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts. | | | | | |
| CVE-2020-27366 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code. | | | | | |
| CVE-2020-27359 | 1 Evms | 1 Redcap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a message and send it to anyone on the platform including admins. The XSS payload would execute on the other account without interaction from the user on several pages. | | | | | |
| CVE-2020-27356 | 1 Debug Meta Data Project | 1 Debug Meta Data | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The debug-meta-data plugin 1.1.2 for WordPress allows XSS. | | | | | |
| CVE-2020-27344 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. | | | | | |