Total
37080 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27478 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature. | |||||
| CVE-2020-27459 | 1 Chronoengine | 1 Chronoforums | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed. | |||||
| CVE-2020-27449 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | |||||
| CVE-2020-27428 | 1 Mit | 1 Scratch-svg-renderer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. | |||||
| CVE-2020-27409 | 1 Os4ed | 1 Opensis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. | |||||
| CVE-2020-27406 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname. | |||||
| CVE-2020-27388 | 1 Yourls | 1 Yourls | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues. | |||||
| CVE-2020-27377 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts. | |||||
| CVE-2020-27366 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code. | |||||
| CVE-2020-27359 | 1 Evms | 1 Redcap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a message and send it to anyone on the platform including admins. The XSS payload would execute on the other account without interaction from the user on several pages. | |||||
| CVE-2020-27356 | 1 Debug Meta Data Project | 1 Debug Meta Data | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The debug-meta-data plugin 1.1.2 for WordPress allows XSS. | |||||
| CVE-2020-27344 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. | |||||
| CVE-2020-27262 | 1 Innokasmedical | 2 Vital Signs Monitor Vc150, Vital Signs Monitor Vc150 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (XSS) vulnerability exists in the affected products that allow an attacker to inject arbitrary web script or HTML via the filename parameter to multiple update endpoints of the administrative web interface. | |||||
| CVE-2020-27224 | 1 Eclipse | 1 Theia | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
| In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code. | |||||
| CVE-2020-27219 | 1 Eclipse | 1 Hawkbit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client. | |||||
| CVE-2020-27193 | 2 Ckeditor, Oracle | 9 Ckeditor, Agile Plm, Application Express and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | |||||
| CVE-2020-27182 | 1 Konzept-ix | 1 Publixone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form. | |||||
| CVE-2020-27176 | 1 Marktext | 1 Marktext | 2024-11-21 | 6.8 MEDIUM | 8.3 HIGH |
| Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product. | |||||
| CVE-2020-27163 | 1 Phpredisadmin Project | 1 Phpredisadmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. | |||||
| CVE-2020-27126 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user. | |||||