Total: 20468 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2244 | 1 Jenkins | 1 Build Failure Analyzer | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | |||||
| CVE-2020-2246 | 1 Jenkins | 1 Valgrind | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. | |||||
| CVE-2019-7092 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2015-8053 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052. | |||||
| CVE-2015-8052 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053. | |||||
| CVE-2015-0345 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-2248 | 1 Jenkins | 1 Jsgames | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2013-5326 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory. | |||||
| CVE-2014-0571 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-25121 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. | |||||
| CVE-2020-25115 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. | |||||
| CVE-2020-25116 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. | |||||
| CVE-2020-25117 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. | |||||
| CVE-2020-25119 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. | |||||
| CVE-2020-25120 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. | |||||
| CVE-2020-25118 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. | |||||
| CVE-2020-25123 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. | |||||
| CVE-2020-25122 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. | |||||
| CVE-2020-25124 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. | |||||
| CVE-2020-23814 | 1 Xuxueli | 1 Xxl-job | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2) AddressList parameter in JobGroupController.java file. | |||||
| CVE-2012-3341 | 1 Ibm | 1 Infosphere Guardium | 2020-09-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 78294. | |||||
| CVE-2020-3466 | 1 Cisco | 1 Dna Center | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2020-24314 | 1 Rss Feed Widget Project | 1 Rss Feed Widget | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2020-24313 | 1 Etoilewebdesign | 1 Ultimate Appointment Booking & Scheduling | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2020-24917 | 1 Osticket | 1 Osticket | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. | |||||
| CVE-2020-15154 | 1 Basercms | 1 Basercms | 2020-09-03 | 2.1 LOW | 7.3 HIGH |
| baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7. | |||||
| CVE-2020-13655 | 1 O-dyn | 1 Collabtive | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected. | |||||
| CVE-2020-15155 | 1 Basercms | 1 Basercms | 2020-09-03 | 2.1 LOW | 7.3 HIGH |
| baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7. | |||||
| CVE-2020-15159 | 1 Basercms | 1 Basercms | 2020-09-03 | 4.6 MEDIUM | 7.6 HIGH |
| baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7. | |||||
| CVE-2020-25086 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. | |||||
| CVE-2020-25090 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. | |||||
| CVE-2020-25089 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. | |||||
| CVE-2020-25087 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. | |||||
| CVE-2020-25092 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. | |||||
| CVE-2020-25088 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. | |||||
| CVE-2020-25093 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel. | |||||
| CVE-2020-25091 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. | |||||
| CVE-2020-23831 | 1 Stock Management System Project | 1 Stock Management System | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials. | |||||
| CVE-2020-23974 | 1 Create-project Manager Project | 1 Create-project Manager | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection via Online chat, Social feed, Message (title-tag), Add new client (all-tags). | |||||
| CVE-2020-16193 | 1 Osticket | 1 Osticket | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. | |||||
| CVE-2020-7309 | 1 Mcafee | 1 Application And Change Control | 2020-09-02 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. | |||||
| CVE-2020-23977 | 1 Kandnconcepts Club Cms Project | 1 Kandnconcepts Club Cms | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter. | |||||
| CVE-2020-3491 | 1 Cisco | 1 Vision Dynamic Signage Director | 2020-09-02 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device. | |||||
| CVE-2020-23984 | 1 Online Hotel Booking System Pro Project | 1 Online Hotel Booking System Pro | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. | |||||
| CVE-2020-23576 | 1 Laborator | 1 Neon | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. | |||||
| CVE-2020-24390 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | |||||
| CVE-2020-23982 | 1 Designmasterevents | 1 Conference Management Cms | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php' | |||||
| CVE-2020-23983 | 1 Ichat Project | 1 Ichat | 2020-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat, text-field tags. | |||||
| CVE-2019-5320 | 1 Arubanetworks | 12 2530, 2530 Firmware, 2540 and 9 more | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. | |||||
| CVE-2020-5927 | 1 F5 | 1 Big-ip Application Security Manager | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting. | |||||
