Total
37058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24599 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. | |||||
| CVE-2020-24594 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | |||||
| CVE-2020-24582 | 1 Zulipchat | 1 Zulip Desktop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. | |||||
| CVE-2020-24553 | 4 Fedoraproject, Golang, Opensuse and 1 more | 4 Fedora, Go, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | |||||
| CVE-2020-24445 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2020-24443 | 1 Adobe | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2020-24442 | 1 Adobe | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2020-24416 | 1 Adobe | 1 Marketo Sales Insight | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2020-24408 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file. | |||||
| CVE-2020-24390 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | |||||
| CVE-2020-24353 | 1 Pega | 1 Pega Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. | |||||
| CVE-2020-24316 | 1 Admin Menu Project | 1 Admin Menu | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2020-24314 | 1 Rss Feed Widget Project | 1 Rss Feed Widget | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2020-24313 | 1 Etoilewebdesign | 1 Ultimate Appointment Booking \& Scheduling | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2020-24303 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | |||||
| CVE-2020-24301 | 1 Hapifhir | 1 Testpage Overlay | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes. | |||||
| CVE-2020-24223 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | |||||
| CVE-2020-24198 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | |||||
| CVE-2020-24194 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | |||||
| CVE-2020-24188 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | |||||