Vulnerabilities (CVE)

Filtered by CWE-79
Total 37107 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36410 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module.
CVE-2020-36409 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module.
CVE-2020-36408 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
CVE-2020-36399 1 Phplist 1 Phplist 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module.
CVE-2020-36398 1 Phplist 1 Phplist 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.
CVE-2020-36397 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVE-2020-36396 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVE-2020-36395 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVE-2020-36384 1 Pagelayer 1 Pagelayer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
PageLayer before 1.3.5 allows reflected XSS via color settings.
CVE-2020-36383 1 Pagelayer 1 Pagelayer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
PageLayer before 1.3.5 allows reflected XSS via the font-size parameter.
CVE-2020-36324 1 Wikimedia 1 Analytics-quarry-web 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
CVE-2020-36307 2 Debian, Redmine 2 Debian Linux, Redmine 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
CVE-2020-36306 2 Debian, Redmine 2 Debian Linux, Redmine 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
CVE-2020-36290 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 N/A 5.4 MEDIUM
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
CVE-2020-36288 1 Atlassian 4 Data Center, Jira, Jira Data Center and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution.
CVE-2020-36236 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
CVE-2020-36234 1 Atlassian 4 Data Center, Jira, Jira Data Center and 1 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
CVE-2020-36202 1 Rust-lang 1 Async-h1 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.
CVE-2020-36196 1 Qnap 1 Qulog Center 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0.
CVE-2020-36194 1 Qnap 2 Qts, Quts Hero 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3.