Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9522 | 1 Microfocus | 1 Arcsight Enterprise Security Manager Express | 2020-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.x, 7.2 and 7.2.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-13652 | 1 Digdash | 1 Digdash | 2020-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu. | |||||
| CVE-2020-11838 | 1 Microfocus | 1 Arcsight Management Center | 2020-06-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-14462 | 1 Mitre | 1 Caldera | 2020-06-19 | 3.5 LOW | 5.4 MEDIUM |
| CALDERA 2.7.0 allows XSS via the Operation Name box. | |||||
| CVE-2020-13964 | 1 Roundcube | 1 Webmail | 2020-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | |||||
| CVE-2020-11839 | 1 Microfocus | 1 Arcsight Logger | 2020-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Logger product, affecting all versions from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-9426 | 1 Open-xchange | 1 Ox Guard | 2020-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX Guard 2.10.3 and earlier allows XSS. | |||||
| CVE-2020-14146 | 1 Kumbiaphp | 1 Kumbiaphp | 2020-06-17 | 3.5 LOW | 5.4 MEDIUM |
| KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. | |||||
| CVE-2020-4380 | 1 Ibm | 1 Workload Scheduler | 2020-06-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179160. | |||||
| CVE-2020-13271 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1. | |||||
| CVE-2020-13269 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1. | |||||
| CVE-2020-13267 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Cross-Site Scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1. | |||||
| CVE-2020-4251 | 1 Ibm | 1 Api Connect | 2020-06-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489. | |||||
| CVE-2020-6246 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2020-1340 | 1 Microsoft | 1 Nugetgallery | 2020-06-16 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'. | |||||
| CVE-2019-19110 | 1 Gvectors | 1 Wpforo | 2020-06-15 | 3.5 LOW | 4.8 MEDIUM |
| The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | |||||
| CVE-2020-5592 | 1 Zenphoto | 1 Zenphoto | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject arbitrary JavaScript via unspecified vectors. | |||||
| CVE-2019-19111 | 1 Gvectors | 1 Wpforo | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. | |||||
| CVE-2019-19112 | 1 Gvectors | 1 Wpforo | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. | |||||
| CVE-2020-9651 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser. | |||||
| CVE-2020-9647 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (DOM-based) vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser. | |||||
| CVE-2020-9648 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser. | |||||
| CVE-2020-9644 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser. | |||||
| CVE-2020-13228 | 1 Sysax | 1 Multi Server | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter. | |||||
| CVE-2020-14010 | 1 Laborator | 1 Xenon | 2020-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. | |||||
| CVE-2020-1289 | 1 Microsoft | 1 Sharepoint Foundation | 2020-06-12 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1148. | |||||
| CVE-2020-1148 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2020-06-12 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1289. | |||||
| CVE-2020-1177 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-06-12 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320. | |||||
| CVE-2020-1183 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-06-12 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320. | |||||
| CVE-2020-13911 | 1 Your Online Shop Project | 1 Your Online Shop | 2020-06-12 | 3.5 LOW | 5.4 MEDIUM |
| Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation. | |||||
| CVE-2020-13973 | 1 Owasp | 1 Json-sanitizer | 2020-06-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript. | |||||
| CVE-2020-4038 | 1 Prisma | 5 Graphql-playground-html, Graphql-playground-middleware-express, Graphql-playground-middleware-hapi and 2 more | 2020-06-12 | 4.3 MEDIUM | 7.4 HIGH |
| GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 has a severe XSS Reflection attack vulnerability. All unsanitized user input passed into the renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected, including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13. | |||||
| CVE-2020-12849 | 1 Pydio | 1 Cells | 2020-06-12 | 3.5 LOW | 5.4 MEDIUM |
| Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user. | |||||
| CVE-2020-1297 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-06-11 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320. | |||||
| CVE-2020-1320 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-06-11 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318. | |||||
| CVE-2020-1318 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-06-11 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320. | |||||
| CVE-2020-1298 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-06-11 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320. | |||||
| CVE-2020-13980 | 1 Opencart | 1 Opencart | 2020-06-11 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin." | |||||
| CVE-2020-13853 | 1 Pandorafms | 1 Pandora Fms | 2020-06-11 | 3.5 LOW | 5.4 MEDIUM |
| Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | |||||
| CVE-2020-11696 | 1 Combodo | 1 Itop | 2020-06-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4. | |||||
| CVE-2020-11697 | 1 Combodo | 1 Itop | 2020-06-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4. | |||||
| CVE-2020-13892 | 1 Themeboy | 1 Sportspress | 2020-06-11 | 3.5 LOW | 5.4 MEDIUM |
| The SportsPress plugin before 2.7.2 for WordPress allows XSS. | |||||
| CVE-2020-13890 | 1 Laborator | 1 Neon | 2020-06-10 | 3.5 LOW | 5.4 MEDIUM |
| The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. | |||||
| CVE-2020-12853 | 1 Pydio | 1 Cells | 2020-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells. | |||||
| CVE-2020-13889 | 1 Bludit | 1 Bludit | 2020-06-09 | 3.5 LOW | 5.4 MEDIUM |
| showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | |||||
| CVE-2017-5964 | 1 Openenergymonitor | 1 Emoncms | 2020-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2020-13865 | 1 Elementor | 1 Elementor Page Builder | 2020-06-09 | 3.5 LOW | 5.4 MEDIUM |
| The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. | |||||
| CVE-2020-13864 | 1 Elementor | 1 Elementor Page Builder | 2020-06-09 | 3.5 LOW | 5.4 MEDIUM |
| The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. | |||||
| CVE-2020-13869 | 1 Verbb | 1 Comments | 2020-06-09 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. | |||||
| CVE-2020-13870 | 1 Verbb | 1 Comments | 2020-06-09 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. | |||||
