Total: 37083 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-27980 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. | |||||
CVE-2020-27974 | 1 Quadient | 1 Mail Accounting | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS. | |||||
CVE-2020-27957 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension. | |||||
CVE-2020-27885 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access. | |||||
CVE-2020-27852 | 1 Rocketgenius | 1 Gravityforms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | |||||
CVE-2020-27851 | 1 Rocketgenius | 1 Gravityforms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | |||||
CVE-2020-27850 | 1 Rocketgenius | 1 Gravityforms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A stored Cross-Site Scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | |||||
CVE-2020-27832 | 1 Redhat | 1 Quay | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2020-27783 | 6 Debian, Fedoraproject, Lxml and 3 more | 8 Debian Linux, Fedora, Lxml and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | |||||
CVE-2020-27741 | 1 Citadel | 1 Webcit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. | |||||
CVE-2020-27735 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. | |||||
CVE-2020-27726 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | |||||
CVE-2020-27719 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | |||||
CVE-2020-27691 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. | |||||
CVE-2020-27666 | 1 Strapi | 1 Strapi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | |||||
CVE-2020-27659 | 1 Synology | 1 Safeaccess | 2024-11-21 | 3.5 LOW | 8.4 HIGH |
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. | |||||
CVE-2020-27642 | 1 Bigbluebutton | 1 Greenlight | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. | |||||
CVE-2020-27620 | 1 Mediawiki | 1 Skin\ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups. | |||||
CVE-2020-27608 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. | |||||
CVE-2020-27576 | 1 Maxum | 1 Rumpus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Maxum Rumpus 8.2.13 and 8.2.14 are affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated, resulting in a stored cross-site scripting vulnerability. |