Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-13487 | 1 Bbpress | 1 Bbpress | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI. |
| CVE-2020-13483 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. |
| CVE-2020-13480 | 1 Verint | 1 Workforce Optimization | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature. |
| CVE-2020-13476 | 1 Nchsoftware | 1 Express Invoice | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | NCH Express Invoice 8.06 to 8.24 is vulnerable to reflected XSS in the Quotes List module. |
| CVE-2020-13459 | 1 Verbb | 1 Image Resizer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action. |
| CVE-2020-13430 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. |
| CVE-2020-13429 | 1 Grafana | 1 Piechart-panel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. |
| CVE-2020-13427 | 1 Victorcms Project | 1 Victorcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Victor CMS 1.0 has persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter. |
| CVE-2020-13423 | 1 Form Builder For Magento 2 Project | 1 Form Builder For Magento 2 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. |
| CVE-2020-13418 | 1 Openiam | 1 Openiam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. |
| CVE-2020-13409 | 1 Tufin | 1 Securetrack | 2024-11-21 | 2.3 LOW | 5.9 MEDIUM | Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (that is, the value is reflected back to the user but is also stored in the DB and can later be triggered again by the same victim, or later by different users). Both stored and reflected payloads are triggerable by an admin, so a malicious non-authenticated user could get admin-level access. Even a malicious low-privileged user can inject XSS, which can be executed by an admin, potentially elevating privileges and obtaining admin acces ... |
| CVE-2020-13408 | 1 Tufin | 1 Securetrack | 2024-11-21 | 2.3 LOW | 5.9 MEDIUM | Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (that is, the value is reflected back to the user but is also stored in the DB and can later be triggered again by the same victim, or later by different users). Both stored and reflected payloads are triggerable by an admin, so a malicious non-authenticated user could get admin-level access. Even a malicious low-privileged user can inject XSS, which can be executed by an admin, potentially elevating privileges and obtaining admin acces ... |
| CVE-2020-13407 | 1 Tufin | 1 Securetrack | 2024-11-21 | 2.3 LOW | 5.9 MEDIUM | Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (that is, the value is reflected back to the user but is also stored in the DB and can later be triggered again by the same victim, or later by different users). Both stored and reflected payloads are triggerable by an admin, so a malicious non-authenticated user could get admin-level access. Even a malicious low-privileged user can inject XSS, which can be executed by an admin, potentially elevating privileges and obtaining admin acces ... |
| CVE-2020-13345 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 10.8: reflected XSS on multiple routes. |
| CVE-2020-13340 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: stored XSS in the CI job log. |
| CVE-2020-13339 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.0 MEDIUM | 5.5 MEDIUM | An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG file preview. Overall impact is limited because only the current user is affected. |
| CVE-2020-13338 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, and 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references. |
| CVE-2020-13337 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 7.2 HIGH | An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed a stored XSS payload to be added as a group name. |
| CVE-2020-13336 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.0 MEDIUM | An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature. |
| CVE-2020-13331 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Wiki pages. |
| CVE-2020-13330 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.4 MEDIUM | An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the import Bitbucket project feature. |
| CVE-2020-13329 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM | An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS in the blob view feature. |
| CVE-2020-13328 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS via the PyPI files API. |
| CVE-2020-13301 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page. |
| CVE-2020-13288 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM | In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page. |
| CVE-2020-13285 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 7.3 HIGH | For GitLab before 13.0.12, 13.1.6, and 13.2.3, a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. |
| CVE-2020-13283 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 7.3 HIGH | For GitLab before 13.0.12, 13.1.6, and 13.2.3, a cross-site scripting vulnerability exists in the issues list via the milestone title. |
| CVE-2020-13278 | 1 Rosariosis | 1 Student Information System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected cross-site scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script by embedding JavaScript or HTML tags in a GET request. |
| CVE-2020-13271 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A stored cross-site scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1. |
| CVE-2020-13269 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1. |
| CVE-2020-13267 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A stored cross-site scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1. |
| CVE-2020-13260 | 1 Rad | 2 Secflow-1v, Secflow-1v Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259 ... |
| CVE-2020-13258 | 1 Contentful | 1 Python Example | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. |
| CVE-2020-13248 | 1 Boolebox | 1 Boolebox | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx. |
| CVE-2020-13239 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS. |
| CVE-2020-13228 | 1 Sysax | 1 Multi Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter. |
| CVE-2020-13225 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | phpIPAM 1.4 contains a stored cross-site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. |
| CVE-2020-13183 | 1 Teradici | 1 Pcoip Management Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected cross-site scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload. |
| CVE-2020-13176 | 1 Teradici | 2 Cloud Access Connector, Cloud Access Connector Legacy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page, which is executed when an administrator views the logs within the application. |
| CVE-2020-13169 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL | Stored XSS (cross-site scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This vulnerability may lead to information disclosure and escalation of privileges (takeover of the administrator account). |