Total: 37103 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35774 | 1 Twitter | 1 Twitter-server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. | |||||
CVE-2020-35761 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
bloofoxCMS 0.5.2.1 is affected by XSS that allows remote attackers to execute arbitrary JS/HTML code. | |||||
CVE-2020-35753 | 3 Linux, Microsoft, Persis | 3 Linux Kernel, Windows, Human Resource Management Portal | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter. | |||||
CVE-2020-35752 | 1 Baby Care System Project | 1 Baby Care System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter. | |||||
CVE-2020-35748 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter. | |||||
CVE-2020-35741 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.0 HIGH |
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks. | |||||
CVE-2020-35740 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.0 HIGH |
HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks. | |||||
CVE-2020-35727 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2020-35726 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2020-35725 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2020-35724 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2020-35723 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2020-35721 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2020-35720 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2020-35719 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2020-35717 | 1 Electronjs | 1 Zonote | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true). | |||||
CVE-2020-35707 | 1 Daybydaycrm | 1 Daybyday | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen. | |||||
CVE-2020-35706 | 1 Daybydaycrm | 1 Daybyday | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen. | |||||
CVE-2020-35705 | 1 Daybydaycrm | 1 Daybyday | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen. | |||||
CVE-2020-35704 | 1 Daybydaycrm | 1 Daybyday | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. |