Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24669 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. | | | | | |
| CVE-2020-24668 | 1 Tracefinancial | 1 Crestbridge | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | | | | | |
| CVE-2020-24666 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1. | | | | | |
| CVE-2020-24664 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | | | | | |
| CVE-2020-24663 | 1 Tracefinanacial | 1 Crestbridge | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | | | | | |
| CVE-2020-24662 | 1 Smartstream | 1 Transaction Lifecycle Management Reconciliations-premium | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0. | | | | | |
| CVE-2020-24627 | 1 Hpe | 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A remote stored XSS vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 prior to 2.8.3. | | | | | |
| CVE-2020-24609 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload. | | | | | |
| CVE-2020-24604 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp. | | | | | |
| CVE-2020-24602 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page. | | | | | |
| CVE-2020-24601 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter "searchName", "alias" in the import certificate trusted page. | | | | | |
| CVE-2020-24599 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. | | | | | |
| CVE-2020-24594 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | | | | | |
| CVE-2020-24582 | 1 Zulipchat | 1 Zulip Desktop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. | | | | | |
| CVE-2020-24553 | 4 Fedoraproject, Golang, Opensuse and 1 more | 4 Fedora, Go, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | | | | | |
| CVE-2020-24445 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | | | | | |
| CVE-2020-24443 | 1 Adobe | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | | | | | |
| CVE-2020-24442 | 1 Adobe | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | | | | | |
| CVE-2020-24416 | 1 Adobe | 1 Marketo Sales Insight | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | | | | | |
| CVE-2020-24408 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file. | | | | | |
| CVE-2020-24390 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | | | | | |
| CVE-2020-24353 | 1 Pega | 1 Pega Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pega Platform before 8.4.0 has an XSS issue via stream rule parameters used in the request header. | | | | | |
| CVE-2020-24316 | 1 Admin Menu Project | 1 Admin Menu | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | | | | | |
| CVE-2020-24314 | 1 Rss Feed Widget Project | 1 Rss Feed Widget | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | | | | | |
| CVE-2020-24313 | 1 Etoilewebdesign | 1 Ultimate Appointment Booking & Scheduling | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | | | | | |
| CVE-2020-24303 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | | | | | |
| CVE-2020-24301 | 1 Hapifhir | 1 Testpage Overlay | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes. | | | | | |
| CVE-2020-24223 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | | | | | |
| CVE-2020-24198 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | | | | | |
| CVE-2020-24194 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | | | | | |
| CVE-2020-24188 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | | | | | |
| CVE-2020-24145 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. | | | | | |
| CVE-2020-24138 | 1 Wcms | 1 Wcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. | | | | | |
| CVE-2020-24135 | 1 Wcms | 1 Wcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. | | | | | |
| CVE-2020-24104 | 1 Pix-link | 2 Lv-wr07, Lv-wr07 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter. | | | | | |
| CVE-2020-24085 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code. | | | | | |
| CVE-2020-24075 | 1 Laborator | 1 Kalium | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | | | | | |
| CVE-2020-24026 | 1 Tinyshop Project | 1 Tinyshop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure. | | | | | |
| CVE-2020-23992 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | | | | | |
| CVE-2020-23989 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C allows pwsec.php oid XSS. | | | | | |