Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11783 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11782 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11781 | 1 Netgear | 22 D7800, D7800 Firmware, R7500 and 19 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11780 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11779 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11778 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11777 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11776 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11775 | 1 Netgear | 34 D7800, D7800 Firmware, R7500 and 31 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11774 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11773 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11772 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11771 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11769 | 1 Netgear | 32 D7800, D7800 Firmware, R7500 and 29 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11768 | 1 Netgear | 34 D7800, D7800 Firmware, R7500 and 31 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
|
|||||
| CVE-2020-11749 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 8.5 HIGH | 9.0 CRITICAL |
|
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
|
|||||
| CVE-2020-11737 | 1 Zimbra | 1 Zimbra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.
|
|||||
| CVE-2020-11734 | 1 Cybersolutions | 1 Cybermail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the ACTION parameter.
|
|||||
| CVE-2020-11731 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript.
|
|||||
| CVE-2020-11727 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter.
|
|||||
| CVE-2020-11714 | 1 Etentech | 2 Psg-6528vm, Psg-6528vm Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location.
|
|||||
| CVE-2020-11712 | 1 Open Upload Project | 1 Open Upload | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field.
|
|||||
| CVE-2020-11711 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | N/A | 4.8 MEDIUM |
|
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authen ...
|
|||||
| CVE-2020-11704 | 1 Provideserver | 1 Provide Ftp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter.
|
|||||
| CVE-2020-11702 | 1 Provideserver | 1 Provide Ftp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter. Share is Reflected via the target parameter. Share is Stored via the displayname parameter. Waitedit is Reflected via the Host header.
|
|||||
| CVE-2020-11697 | 1 Combodo | 1 Itop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
|
|||||
| CVE-2020-11696 | 1 Combodo | 1 Itop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
|
|||||
| CVE-2020-11626 | 1 Primekey | 1 Ejbca | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Site Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets.
|
|||||
| CVE-2020-11584 | 2 Linux, Plesk | 2 Linux Kernel, Onyx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
|
|||||
| CVE-2020-11583 | 2 Microsoft, Plesk | 2 Windows, Obsidian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
|
|||||
| CVE-2020-11556 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.
|
|||||
| CVE-2020-11516 | 1 Contact-form-7-datepicker Project | 1 Contact-form-7-datepicker | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator creates or modifies a contact form, the JavaScript will be executed in their browser, which can then be used to create new administrative users or perform other actions using the administrator's session.
|
|||||
| CVE-2020-11512 | 1 Idxbroker | 1 Impress For Idx Broker | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts.
|
|||||
| CVE-2020-11509 | 1 Wpleadplus | 1 Wp Lead Plus X | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
|
|||||
| CVE-2020-11508 | 1 Wpleadplus | 1 Wp Lead Plus X | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
|
|||||
| CVE-2020-11499 | 1 Firmware Analysis And Comparison Tool Project | 1 Firmware Analysis And Comparison Tool | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py.
|
|||||
| CVE-2020-11457 | 1 Netgate | 1 Pfsense | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
|
|||||
| CVE-2020-11456 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
|
|||||
| CVE-2020-11454 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the application.
|
|||||
| CVE-2020-11448 | 1 Bell | 2 Home Hub 3000, Home Hub 3000 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page.
|
|||||