Total
37016 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13228 | 1 Sysax | 1 Multi Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter. | |||||
| CVE-2020-13225 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. | |||||
| CVE-2020-13183 | 1 Teradici | 1 Pcoip Management Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload. | |||||
| CVE-2020-13176 | 1 Teradici | 2 Cloud Access Connector, Cloud Access Connector Legacy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application. | |||||
| CVE-2020-13169 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account). | |||||
| CVE-2020-13168 | 1 Sysaid | 2 Sysaid On-premises, Sysaidsy On-premises | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. | |||||
| CVE-2020-13153 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. | |||||
| CVE-2020-13145 | 1 Edx | 1 Open Edx Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS. | |||||
| CVE-2020-13134 | 1 Tufin | 1 Securechange | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1. | |||||
| CVE-2020-13133 | 1 Tufin | 1 Securechange | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1 | |||||
| CVE-2020-13116 | 1 Carbonite | 1 Server Backup Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation. | |||||
| CVE-2020-13094 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr before 11.0.4 allows XSS. | |||||
| CVE-2020-12882 | 1 Rcos | 1 Submitty | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. | |||||
| CVE-2020-12869 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| RainbowFish PacsOne Server 6.8.4 allows XSS. | |||||
| CVE-2020-12853 | 1 Pydio | 1 Cells | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells. | |||||
| CVE-2020-12849 | 1 Pydio | 1 Cells | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user. | |||||
| CVE-2020-12817 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. | |||||
| CVE-2020-12816 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. | |||||
| CVE-2020-12815 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | |||||
| CVE-2020-12814 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. | |||||