Total: 37016 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13911 | 1 Your Online Shop Project | 1 Your Online Shop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation. | |||||
CVE-2020-13897 | 1 Hesk | 1 Hesk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
HESK before 3.1.10 allows reflected XSS. | |||||
CVE-2020-13893 | 1 Sage | 1 Easypay | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E). | |||||
CVE-2020-13892 | 1 Themeboy | 1 Sportspress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The SportsPress plugin before 2.7.2 for WordPress allows XSS. | |||||
CVE-2020-13890 | 1 Laborator | 1 Neon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. | |||||
CVE-2020-13889 | 1 Bludit | 1 Bludit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | |||||
CVE-2020-13888 | 1 Kordil Edms Project | 1 Kordil Edms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. | |||||
CVE-2020-13870 | 1 Verbb | 1 Comments | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. | |||||
CVE-2020-13869 | 1 Verbb | 1 Comments | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. | |||||
CVE-2020-13865 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. | |||||
CVE-2020-13864 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. | |||||
CVE-2020-13853 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | |||||
CVE-2020-13828 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. | |||||
CVE-2020-13827 | 1 Phplist | 1 Phplist | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | |||||
CVE-2020-13825 | 1 I-doit | 1 I-doit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter. | |||||
CVE-2020-13821 | 1 Hivemq | 1 Broker Control Center | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker. | |||||
CVE-2020-13820 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | |||||
CVE-2020-13819 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | |||||
CVE-2020-13798 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. | |||||
CVE-2020-13797 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. |