Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12054 | 1 Catchplugins | 1 Catch Breadcrumb | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. | |||||
| CVE-2018-7652 | 1 Zonemaster | 1 Zonemaster Web Gui | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. | |||||
| CVE-2020-7132 | 1 Hp | 1 Onboard Administrator | 2020-04-30 | 3.5 LOW | 5.4 MEDIUM |
| A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows). | |||||
| CVE-2020-8775 | 1 Pega | 1 Platform | 2020-04-30 | 6.0 MEDIUM | 8.9 HIGH |
| Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | |||||
| CVE-2020-8773 | 1 Pega | 1 Platform | 2020-04-30 | 6.0 MEDIUM | 8.9 HIGH |
| The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2020-5568 | 1 Cybozu | 1 Garoon | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'. | |||||
| CVE-2020-8774 | 1 Pega | 1 Pega Platform | 2020-04-30 | 6.8 MEDIUM | 8.8 HIGH |
| Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. | |||||
| CVE-2020-5564 | 1 Cybozu | 1 Garoon | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'. | |||||
| CVE-2016-4790 | 1 Pulsesecure | 1 Pulse Connect Secure | 2020-04-29 | 3.5 LOW | 5.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4789 | 1 Pulsesecure | 1 Pulse Connect Secure | 2020-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-11543 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | |||||
| CVE-2020-10935 | 1 Zulip | 1 Zulip Server | 2020-04-28 | 3.5 LOW | 5.4 MEDIUM |
| Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. | |||||
| CVE-2017-18811 | 1 Netgear | 1 Readynas Os | 2020-04-28 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18813 | 1 Netgear | 1 Readynas Os | 2020-04-28 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18812 | 1 Netgear | 1 Readynas Os | 2020-04-28 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18809 | 1 Netgear | 1 Readynas Os | 2020-04-28 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2020-12129 | 1 App2pro | 1 Airdisk Pro | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function. | |||||
| CVE-2020-12130 | 1 App2pro | 1 Airdisk Pro | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function. | |||||
| CVE-2020-12131 | 1 App2pro | 1 Airdisk Pro | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo). | |||||
| CVE-2017-18700 | 1 Netgear | 46 D6400, D6400 Firmware, D7000 and 43 more | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R9000 before 1.0.2.52, WNDR3400v3 before 1.0.1.16, WNR3500Lv2 before 1.2.0.46, and WNDR3700v5 before 1.1.0.48. | |||||
| CVE-2017-18715 | 1 Netgear | 14 Ex3700, Ex3700 Firmware, Ex3800 and 11 more | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60. | |||||
| CVE-2017-18701 | 1 Netgear | 4 R6700, R6700 Firmware, R6900 and 1 more | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34. | |||||
| CVE-2019-20789 | 1 Croogo | 1 Croogo | 2020-04-27 | 3.5 LOW | 4.8 MEDIUM |
| Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies. | |||||
| CVE-2018-21095 | 1 Netgear | 4 Srr60, Srr60 Firmware, Srs60 and 1 more | 2020-04-27 | 2.3 LOW | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210. | |||||
| CVE-2020-9445 | 1 Zulip | 1 Zulip Server | 2020-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality. | |||||
| CVE-2020-12071 | 1 Anchorcms | 1 Anchor | 2020-04-27 | 3.5 LOW | 4.8 MEDIUM |
| Anchor 0.12.7 allows admins to cause XSS via crafted post content. | |||||
| CVE-2020-11416 | 1 Jetbrains | 1 Space | 2020-04-27 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains Space through 2020-04-22 allows stored XSS in Chats. | |||||
| CVE-2020-6217 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2020-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2017-18816 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18807 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18814 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18815 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18810 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18820 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18784 | 1 Netgear | 34 D6200, D6200 Firmware, D7000 and 31 more | 2020-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. | |||||
| CVE-2017-18783 | 1 Netgear | 36 D6200, D6200 Firmware, D7000 and 33 more | 2020-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. | |||||
| CVE-2017-18821 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2017-18745 | 1 Netgear | 18 R6400, R6400 Firmware, R6700 and 15 more | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74. | |||||
| CVE-2017-18800 | 1 Netgear | 4 R6700, R6700 Firmware, R6800 and 1 more | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42. | |||||
| CVE-2017-18785 | 1 Netgear | 112 D3600, D3600 Firmware, D6000 and 109 more | 2020-04-23 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6100v2 before 1.0.1.54, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, R6700v2 before 1.2.0.12, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.18, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R7900P before 1.1.5.14, R8000 before 1.0.4.4, R8000P before 1.1.5.14, R8500 before 1.0.2.110, R8300 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.8, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.42, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46. | |||||
| CVE-2019-20752 | 1 Netgear | 40 D3600, D3600 Firmware, D6000 and 37 more | 2020-04-23 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. | |||||
| CVE-2020-5264 | 1 Prestashop | 1 Prestashop | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5. | |||||
| CVE-2020-5265 | 1 Prestashop | 1 Prestashop | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5. | |||||
| CVE-2020-5269 | 1 Prestashop | 1 Prestashop | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5 | |||||
| CVE-2020-5737 | 1 Tenable | 1 Tenable.sc | 2020-04-23 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue. | |||||
| CVE-2020-5271 | 1 Prestashop | 1 Prestashop | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5 | |||||
| CVE-2020-5272 | 1 Prestashop | 1 Prestashop | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5 | |||||
| CVE-2020-5276 | 1 Prestashop | 1 Prestashop | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5 | |||||
| CVE-2020-11813 | 1 Rukovoditel | 1 Rukovoditel | 2020-04-23 | 3.5 LOW | 5.4 MEDIUM |
| In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous. | |||||
| CVE-2019-5888 | 1 Overit | 1 Geocall | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977. | |||||