Total
37107 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36410 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module. | |||||
CVE-2020-36409 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module. | |||||
CVE-2020-36408 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module. | |||||
CVE-2020-36399 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | |||||
CVE-2020-36398 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | |||||
CVE-2020-36397 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
CVE-2020-36396 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
CVE-2020-36395 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | |||||
CVE-2020-36384 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
PageLayer before 1.3.5 allows reflected XSS via color settings. | |||||
CVE-2020-36383 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
PageLayer before 1.3.5 allows reflected XSS via the font-size parameter. | |||||
CVE-2020-36324 | 1 Wikimedia | 1 Analytics-quarry-web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. | |||||
CVE-2020-36307 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | |||||
CVE-2020-36306 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | |||||
CVE-2020-36290 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | N/A | 5.4 MEDIUM |
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality. | |||||
CVE-2020-36288 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. | |||||
CVE-2020-36236 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | |||||
CVE-2020-36234 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | |||||
CVE-2020-36202 | 1 Rust-lang | 1 Async-h1 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy. | |||||
CVE-2020-36196 | 1 Qnap | 1 Qulog Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. | |||||
CVE-2020-36194 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. |