Total
37107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35808 | 1 Netgear | 14 D6100, D6100 Firmware, Dm200 and 11 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66. | |||||
| CVE-2020-35807 | 1 Netgear | 26 D7800, D7800 Firmware, R7800 and 23 more | 2024-11-21 | 3.5 LOW | 6.0 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78. | |||||
| CVE-2020-35806 | 1 Netgear | 28 D7800, D7800 Firmware, R7500v2 and 25 more | 2024-11-21 | 3.5 LOW | 6.0 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78. | |||||
| CVE-2020-35805 | 1 Netgear | 34 D7800, D7800 Firmware, R7500v2 and 31 more | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2020-35774 | 1 Twitter | 1 Twitter-server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. | |||||
| CVE-2020-35761 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. | |||||
| CVE-2020-35753 | 3 Linux, Microsoft, Persis | 3 Linux Kernel, Windows, Human Resource Management Portal | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
| The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter. | |||||
| CVE-2020-35752 | 1 Baby Care System Project | 1 Baby Care System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter. | |||||
| CVE-2020-35748 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter. | |||||
| CVE-2020-35741 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.0 HIGH |
| HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks. | |||||
| CVE-2020-35740 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.0 HIGH |
| HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks. | |||||
| CVE-2020-35727 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35726 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35725 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35724 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35723 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35721 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35720 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35719 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35717 | 1 Electronjs | 1 Zonote | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true). | |||||