Total
37016 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1442 | 1 Microsoft | 2 Office Online Server, Office Web Apps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'. | |||||
| CVE-2020-1345 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> | |||||
| CVE-2020-1340 | 1 Microsoft | 1 Nugetgallery | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'. | |||||
| CVE-2020-1327 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. | |||||
| CVE-2020-1326 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2020-1289 | 1 Microsoft | 1 Sharepoint Foundation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1148. | |||||
| CVE-2020-1227 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> | |||||
| CVE-2020-1198 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> | |||||
| CVE-2020-1148 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1289. | |||||
| CVE-2020-1107 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105. | |||||
| CVE-2020-1105 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1107. | |||||
| CVE-2020-1104 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107. | |||||
| CVE-2020-1063 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | |||||
| CVE-2020-1050 | 1 Microsoft | 1 Dynamics 365 Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1049. | |||||
| CVE-2020-1049 | 1 Microsoft | 1 Dynamics 365 Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1050. | |||||
| CVE-2020-19962 | 1 Chaoji Cms Project | 1 Chaoji Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts. | |||||
| CVE-2020-19952 | 1 Jbt | 1 Live \(github-flavored\) Markdown Editor | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file. | |||||
| CVE-2020-19950 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-19949 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-19924 | 1 Issuehunt | 1 Boostnote | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks. | |||||