Total
37112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7106 | 5 Cacti, Debian, Fedoraproject and 2 more | 8 Cacti, Debian Linux, Extra Packages For Enterprise Linux and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | |||||
| CVE-2020-7104 | 1 Kibokolabs | 1 Chained Quiz | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. | |||||
| CVE-2020-7051 | 1 Codologic | 1 Codoforum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. | |||||
| CVE-2020-7050 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. | |||||
| CVE-2020-7033 | 1 Avaya | 1 Equinox Conferencing | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
| A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10. | |||||
| CVE-2020-7017 | 2 Elasticsearch, Oracle | 4 Kibana, Communications Billing And Revenue Management, Communications Cloud Native Core Network Function Cloud Native Environment and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization. | |||||
| CVE-2020-7015 | 1 Elastic | 1 Kibana | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization. | |||||
| CVE-2020-7011 | 1 Elastic | 1 Elastic App Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim�s web browser. | |||||
| CVE-2020-7006 | 1 Systech | 4 Nds-5000, Nds-5000 Firmware, Nds\/5008rm and 1 more | 2024-11-21 | 6.0 MEDIUM | 8.4 HIGH |
| Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. | |||||
| CVE-2020-6973 | 1 Digi | 3 Connectport Lts 32 Mei, Connectport Lts 32 Mei Bios, Connectport Lts 32 Mei Firmware | 2024-11-21 | 6.3 MEDIUM | 6.2 MEDIUM |
| Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition. | |||||
| CVE-2020-6956 | 1 Pcs | 1 Dexicon Enterprise | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_action.jsp. | |||||
| CVE-2020-6955 | 1 Cayintech | 2 Smp-pro4, Smp-pro4 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS. | |||||
| CVE-2020-6876 | 1 Zte | 1 Evdc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04 | |||||
| CVE-2020-6872 | 1 Zte | 6 R5300g4, R5300g4 Firmware, R5500g4 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>. | |||||
| CVE-2020-6854 | 1 Sos-berlin | 1 Jobscheduler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API. | |||||
| CVE-2020-6850 | 1 Miniorange | 1 Saml Sp Single Sign On | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. | |||||
| CVE-2020-6848 | 1 Axper | 2 Vision Ii, Vision Ii Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. | |||||
| CVE-2020-6847 | 1 Opentrade Project | 1 Opentrade | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. | |||||
| CVE-2020-6845 | 1 Topmanage | 1 Olk Webstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack. | |||||
| CVE-2020-6843 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. | |||||