Total
37115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9019 | 1 Wpjobboard | 1 Wpjobboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. | |||||
| CVE-2020-9016 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. | |||||
| CVE-2020-9012 | 1 Gluu | 1 Gluu Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. | |||||
| CVE-2020-9008 | 1 Blackboard | 1 Blackboard Learn | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. | |||||
| CVE-2020-9007 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Codoforum 4.8.8 allows self-XSS via the title of a new topic. | |||||
| CVE-2020-9003 | 1 Machothemes | 1 Modula Image Gallery | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. | |||||
| CVE-2020-8985 | 1 Zend | 1 Zendto | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | |||||
| CVE-2020-8981 | 1 Mantisbt | 1 Source Integration | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE-2018-16362. | |||||
| CVE-2020-8966 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page. | |||||
| CVE-2020-8960 | 1 Westerndigital | 1 Mycloud.com | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. | |||||
| CVE-2020-8952 | 1 Fiserv | 1 Accurate Reconciliation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter. | |||||
| CVE-2020-8951 | 1 Fiserv | 1 Accurate Reconciliation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page. | |||||
| CVE-2020-8923 | 1 Dart | 1 Dart Software Development Kit | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements. | |||||
| CVE-2020-8839 | 1 Chiyu-t | 2 Bf-430, Bf-430 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. | |||||
| CVE-2020-8825 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. | |||||
| CVE-2020-8824 | 1 Hitrontech | 2 Coda-4582u, Coda-4582u Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. | |||||
| CVE-2020-8823 | 1 Sockjs Project | 1 Sockjs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. | |||||
| CVE-2020-8822 | 1 Digi | 4 Transport Wr21, Transport Wr21 Firmware, Transport Wr44 and 1 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | |||||
| CVE-2020-8821 | 1 Webmin | 1 Webmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users. | |||||
| CVE-2020-8820 | 1 Webmin | 1 Webmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. | |||||