Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35819 | 1 Netgear | 22 D7800, D7800 Firmware, R7500v2 and 19 more | 2020-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2020-35820 | 1 Netgear | 22 D7800, D7800 Firmware, R7500v2 and 19 more | 2020-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2020-35824 | 1 Netgear | 22 D7800, D7800 Firmware, R7500v2 and 19 more | 2020-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2020-35825 | 1 Netgear | 22 D7800, D7800 Firmware, R7500v2 and 19 more | 2020-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2020-35826 | 1 Netgear | 22 D7800, D7800 Firmware, R7500v2 and 19 more | 2020-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2020-35822 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2020-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2020-26287 | 1 Hedgedoc | 1 Hedgedoc | 2020-12-30 | 4.3 MEDIUM | 8.7 HIGH |
| HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. Our content security policy prevents loading scripts from most locations, but `www.google-analytics.com` is allowed. Using Google Tag Manger it is possible to inject arbitrary JavaScript and execute it on page load. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.1. As a workaround one can disallow `www.google-analytics.com` in the `Content-Security-Policy` header. Note that other ways to leverage the `script` tag injection might exist. | |||||
| CVE-2020-29470 | 1 Opencart | 1 Opencart | 2020-12-30 | 3.5 LOW | 4.8 MEDIUM |
| OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-29471 | 1 Opencart | 1 Opencart | 2020-12-30 | 3.5 LOW | 4.8 MEDIUM |
| OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger. | |||||
| CVE-2020-29475 | 1 Nopcommerce | 1 Store | 2020-12-30 | 3.5 LOW | 4.8 MEDIUM |
| nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-13476 | 1 Nchsoftware | 1 Express Invoice | 2020-12-30 | 3.5 LOW | 4.8 MEDIUM |
| NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. | |||||
| CVE-2020-29204 | 1 Xuxueli | 1 Xxl-job | 2020-12-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. | |||||
| CVE-2020-35349 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2020-12-29 | 3.5 LOW | 4.8 MEDIUM |
| Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). | |||||
| CVE-2020-29249 | 1 Cxuu | 1 Cxuucms | 2020-12-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| CXUUCMS V3 allows class="layui-input" XSS. | |||||
| CVE-2020-29250 | 1 Cxuu | 1 Cxuucms | 2020-12-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. | |||||
| CVE-2020-26035 | 1 Zammad | 1 Zammad | 2020-12-29 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket. | |||||
| CVE-2020-35346 | 1 Cxuu | 1 Cxuucms | 2020-12-28 | 3.5 LOW | 4.8 MEDIUM |
| CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | |||||
| CVE-2020-35704 | 1 Daybydaycrm | 1 Daybyday | 2020-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. | |||||
| CVE-2020-27515 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2020-12-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. | |||||
| CVE-2020-29172 | 1 Litespeedtech | 1 Litespeed Cache | 2020-12-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. | |||||