Total
37098 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2497 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later | |||||
CVE-2020-2496 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later | |||||
CVE-2020-2495 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later | |||||
CVE-2020-2494 | 1 Qnap | 3 Music Station, Qts, Quts Hero | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later | |||||
CVE-2020-2493 | 1 Qnap | 1 Multimedia Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later. | |||||
CVE-2020-2491 | 1 Qnap | 2 Photo Station, Qts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later | |||||
CVE-2020-2317 | 1 Jenkins | 1 Findbugs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step. | |||||
CVE-2020-2316 | 1 Jenkins | 1 Static Analysis Utilities | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2020-2292 | 1 Jenkins | 1 Release | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission. | |||||
CVE-2020-2290 | 1 Jenkins | 1 Active Choices | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2020-2289 | 1 Jenkins | 1 Active Choices | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2020-2283 | 1 Jenkins | 1 Liquibase Runner | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin. | |||||
CVE-2020-2271 | 1 Jenkins | 1 Locked Files Report | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2020-2270 | 1 Jenkins | 1 Clearcase Release | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2020-2269 | 1 Jenkins | 1 Chosen-views-tabbar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | |||||
CVE-2020-2266 | 1 Jenkins | 1 Description Column | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2020-2265 | 1 Jenkins | 1 Coverage\/complexity Scatter Plot | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | |||||
CVE-2020-2264 | 1 Jenkins | 1 Custom Job Icon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2020-2263 | 1 Jenkins | 1 Radiator View | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2020-2262 | 1 Jenkins | 1 Android Lint | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. |