Total
37098 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35203 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
CVE-2020-35202 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. | |||||
CVE-2020-35201 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS. | |||||
CVE-2020-35200 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS. | |||||
CVE-2020-35199 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS. | |||||
CVE-2020-35170 | 1 Dell | 2 Powermax Os, Unisphere | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions. | |||||
CVE-2020-35132 | 2 Fedoraproject, Phpldapadmin Project | 2 Fedora, Phpldapadmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. | |||||
CVE-2020-35129 | 1 Mautic | 1 Mautic | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account. | |||||
CVE-2020-35128 | 1 Acquia | 1 Mautic | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system. | |||||
CVE-2020-35127 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS. | |||||
CVE-2020-35126 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy. | |||||
CVE-2020-35125 | 1 Acquia | 1 Mautic | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept). | |||||
CVE-2020-35124 | 1 Acquia | 1 Mautic | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads. | |||||
CVE-2020-35037 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues | |||||
CVE-2020-2972 | 1 Oracle | 1 Application Express | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2020-2562 | 1 Oracle | 1 Primavera Portfolio Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2020-2513 | 1 Oracle | 1 Application Express | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2020-2503 | 1 Qnap | 1 Qes | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | |||||
CVE-2020-2502 | 1 Qnap | 1 Photo Station | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later | |||||
CVE-2020-2498 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later |