Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10989 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2020-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. | |||||
| CVE-2020-4364 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2020-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178961. | |||||
| CVE-2020-4513 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2020-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182368. | |||||
| CVE-2020-6278 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-07-14 | 3.5 LOW | 5.4 MEDIUM |
| SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows an attacker to embed malicious scripts in the application while uploading images, which get executed when the victim opens these files, leading to Stored Cross Site Scripting. | |||||
| CVE-2020-6276 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | |||||
| CVE-2020-6281 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting. | |||||
| CVE-2020-7140 | 3 Hp, Microsoft, Redhat | 4 Icewall Sso Dfw, Icewall Sso Dgfw, Windows and 1 more | 2020-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess | |||||
| CVE-2020-14164 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by pasting JavaScript code into the editor field. | |||||
| CVE-2019-20900 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-13 | 3.5 LOW | 4.8 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0. | |||||
| CVE-2020-4021 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-13 | 3.5 LOW | 5.4 MEDIUM |
| Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. | |||||
| CVE-2020-8198 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS). | |||||
| CVE-2020-8191 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). | |||||
| CVE-2020-15538 | 1 We-com | 1 Municipality Portal Cms | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. | |||||
| CVE-2020-15514 | 1 Jh Captcha Project | 1 Jh Captcha | 2020-07-13 | 3.5 LOW | 5.4 MEDIUM |
| The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS. | |||||
| CVE-2020-15517 | 1 Faceted Search Project | 1 Faceted Search | 2020-07-13 | 3.5 LOW | 5.4 MEDIUM |
| The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. | |||||
| CVE-2020-15573 | 1 Solarwinds | 1 Serv-u | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. | |||||
| CVE-2020-15575 | 1 Solarwinds | 1 Serv-u | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. | |||||
| CVE-2019-10846 | 1 Computrols | 1 Computrols Building Automation System | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter. | |||||
| CVE-2020-15299 | 1 King-theme | 1 Kingcomposer | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser. | |||||
| CVE-2020-15536 | 1 Online Hotel Booking System Project | 1 Online Hotel Booking System | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. | |||||
| CVE-2012-0895 | 2 Tom Braider, Wordpress | 2 Count Per Day, Wordpress | 2020-07-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. | |||||
| CVE-2012-3434 | 2 Tom Braider, Wordpress | 2 Count Per Day, Wordpress | 2020-07-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter. | |||||
| CVE-2019-13345 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2020-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. | |||||
| CVE-2020-7691 | 1 Parall | 1 Jspdf | 2020-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In all versions of the package jspdf, it is possible to use `<<script>script>` in order to go over the filtering regex. | |||||
| CVE-2020-8176 | 1 Shopify | 1 Koa-shopify-auth | 2020-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint. | |||||
| CVE-2020-13992 | 1 Mods-for-hesk | 1 Mods For Hesk | 2020-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket. | |||||
| CVE-2020-15036 | 1 Nedi | 1 Nedi | 2020-07-10 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter. | |||||
| CVE-2020-15037 | 1 Nedi | 1 Nedi | 2020-07-10 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter. | |||||
| CVE-2020-5901 | 1 F5 | 1 Nginx Controller | 2020-07-10 | 9.3 HIGH | 9.6 CRITICAL |
| In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system. | |||||
| CVE-2020-9414 | 1 Tibco | 2 Managed File Transfer Command Center, Managed File Transfer Internet Server | 2020-07-10 | 9.0 HIGH | 8.8 HIGH |
| The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. | |||||
| CVE-2020-15073 | 1 Phplist | 1 Phplist | 2020-07-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. | |||||
| CVE-2020-15537 | 1 Vanguard Project | 1 Vanguard | 2020-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. | |||||
| CVE-2020-9413 | 1 Tibco | 2 Managed File Transfer Command Center, Managed File Transfer Internet Server | 2020-07-10 | 9.3 HIGH | 9.6 CRITICAL |
| The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. | |||||
| CVE-2017-6397 | 1 Flightairmap | 1 Flightairmap | 2020-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6394 | 1 Open-emr | 1 Openemr | 2020-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the "openemr-master/gacl/admin/object_search.php" URL (section_value; src_form). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2020-13653 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature. | |||||
| CVE-2020-4022 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a mixed multipart content type. | |||||
| CVE-2020-4024 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
| The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a vnd.wap.xhtml+xml content type. | |||||
| CVE-2020-4025 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-09 | 3.5 LOW | 4.8 MEDIUM |
| The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with an rdf content type. | |||||
| CVE-2020-14173 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
| The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | |||||
| CVE-2020-3340 | 1 Cisco | 1 Identity Services Engine | 2020-07-09 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials. | |||||
| CVE-2020-3282 | 1 Cisco | 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection | 2020-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
| CVE-2020-14169 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2020-15599 | 1 Victor Cms Project | 1 Victor Cms | 2020-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. | |||||
| CVE-2020-2201 | 1 Jenkins | 1 Sonargraph Integration | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2206 | 1 Jenkins | 1 Vncrecorder | 2020-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2020-15028 | 1 Nedi | 1 Nedi | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter. | |||||
| CVE-2020-15031 | 1 Nedi | 1 Nedi | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter. | |||||
| CVE-2020-15030 | 1 Nedi | 1 Nedi | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter. | |||||
| CVE-2020-15029 | 1 Nedi | 1 Nedi | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter. | |||||
