Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16270 | 1 Olimpoks | 1 Olimpok | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries.
|
|||||
| CVE-2020-16266 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it).
|
|||||
| CVE-2020-16255 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
|
|||||
| CVE-2020-16246 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
|
|||||
| CVE-2020-16242 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
|
|||||
| CVE-2020-16210 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
|
The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).
|
|||||
| CVE-2020-16206 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
|
The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
|
|||||
| CVE-2020-16193 | 1 Osticket | 1 Osticket | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
|
|||||
| CVE-2020-16192 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
|
|||||
| CVE-2020-16157 | 1 Nagios | 1 Log Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.
|
|||||
| CVE-2020-16145 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
|
|||||
| CVE-2020-16140 | 1 Thembay | 1 Greenmart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS.
|
|||||
| CVE-2020-16131 | 1 Tiki | 1 Tiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
|
|||||
| CVE-2020-16095 | 1 Kitodo | 1 Kitodo.presentation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS.
|
|||||
| CVE-2020-16046 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
|
|||||
| CVE-2020-16030 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
|
|||||
| CVE-2020-15952 | 1 Immuta | 1 Immuta | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
|
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS.
|
|||||
| CVE-2020-15951 | 1 Immuta | 1 Immuta | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials.
|
|||||
| CVE-2020-15948 | 1 Egain | 1 Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.
|
|||||
| CVE-2020-15944 | 1 Gantt-chart Project | 1 Gantt-chart | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated.
|
|||||
| CVE-2020-15943 | 1 Gantt-chart Project | 1 Gantt-chart | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated.
|
|||||
| CVE-2020-15940 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
|
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.
|
|||||
| CVE-2020-15937 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.
|
|||||
| CVE-2020-15930 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
|
|||||
| CVE-2020-15926 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.
|
|||||
| CVE-2020-15919 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
|
|||||
| CVE-2020-15918 | 1 Midasolutions | 1 Eframework | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.
|
|||||
| CVE-2020-15914 | 1 Ea | 1 Origin Client | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window.
|
|||||
| CVE-2020-15907 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript.
|
|||||
| CVE-2020-15902 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
|
|||||
| CVE-2020-15895 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
|
|||||
| CVE-2020-15885 | 1 Munkireport Project | 1 Comment | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.
|
|||||
| CVE-2020-15883 | 1 Managedinstalls Project | 1 Managedinstalls | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).
|
|||||
| CVE-2020-15881 | 1 Munki Facts Project | 1 Munki Facts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name.
|
|||||
| CVE-2020-15870 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).
|
|||||
| CVE-2020-15869 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).
|
|||||
| CVE-2020-15864 | 1 Quali | 1 Cloudshell | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
|
|||||
| CVE-2020-15855 | 1 Redhat | 1 Bodhi | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.
|
|||||
| CVE-2020-15831 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
|
|||||
| CVE-2020-15830 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
|
|||||