Total
37108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5945 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 8.5 HIGH | 8.4 HIGH |
| In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin. | |||||
| CVE-2020-5940 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. | |||||
| CVE-2020-5932 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened. | |||||
| CVE-2020-5927 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting. | |||||
| CVE-2020-5915 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust. | |||||
| CVE-2020-5905 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 6.0 MEDIUM | 4.3 MEDIUM |
| In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display. | |||||
| CVE-2020-5903 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | |||||
| CVE-2020-5901 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
| In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system. | |||||
| CVE-2020-5889 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client. | |||||
| CVE-2020-5853 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict. | |||||
| CVE-2020-5843 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. | |||||
| CVE-2020-5842 | 1 Codologic | 1 Codoforum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page. | |||||
| CVE-2020-5838 | 1 Symantec | 1 It Analytics | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. | |||||
| CVE-2020-5810 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload. | |||||
| CVE-2020-5809 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS. | |||||
| CVE-2020-5785 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter. | |||||
| CVE-2020-5781 | 1 Ignitenet | 1 Helios Glinq | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users. | |||||
| CVE-2020-5769 | 1 Teltonika-networks | 2 Gateway Trb245, Gateway Trb245 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section. | |||||
| CVE-2020-5765 | 1 Tenable | 1 Nessus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0. | |||||
| CVE-2020-5751 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | |||||