Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35589 | 1 Limitloginattempts | 1 Limit Login Attempts Reloaded | 2020-12-22 | 3.5 LOW | 5.4 MEDIUM |
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. | |||||
CVE-2018-15633 | 1 Odoo | 1 Odoo | 2020-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames. | |||||
CVE-2018-15638 | 1 Odoo | 1 Odoo | 2020-12-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names. | |||||
CVE-2018-15641 | 1 Odoo | 1 Odoo | 2020-12-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes. | |||||
CVE-2020-20285 | 1 Zzcms | 1 Zzcms | 2020-12-22 | 3.5 LOW | 5.4 MEDIUM |
There is an XSS in the user login page in zzcms 2019. Users can inject JS code through the Referer header via user/login.php. | |||||
CVE-2020-35622 | 1 Mediawiki | 1 Mediawiki | 2020-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions. | |||||
CVE-2020-4080 | 1 Hcltech | 1 Domino | 2020-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | |||||
CVE-2020-14271 | 1 Hcltech | 1 Hcl Inotes | 2020-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | |||||
CVE-2020-26198 | 1 Dell | 2 Idrac9, Idrac9 Firmware | 2020-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link. | |||||
CVE-2020-25495 | 1 Xinuos | 1 Openserver | 2020-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'. | |||||
CVE-2020-27010 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-21 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462. | |||||
CVE-2020-8462 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-21 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | |||||
CVE-2020-12517 | 1 Phoenixcontact | 7 Axc F 1152, Axc F 2152, Axc F 2152 Starterkit and 4 more | 2020-12-21 | 6.0 MEDIUM | 9.0 CRITICAL |
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an authenticated low-privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation). | |||||
CVE-2020-35274 | 1 Dotcms | 1 Dotcms | 2020-12-21 | 3.5 LOW | 4.8 MEDIUM |
DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and steal cookies using XSS. | |||||
CVE-2020-35275 | 1 Coastercms | 1 Coastercms | 2020-12-21 | 3.5 LOW | 5.4 MEDIUM |
Coastercms v5.8.18 is affected by cross-site scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is triggered on the main home page of the product/application. | |||||
CVE-2020-20138 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-12-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. | |||||
CVE-2020-25609 | 1 Mitel | 1 Micollab | 2020-12-18 | 3.5 LOW | 5.4 MEDIUM |
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data. | |||||
CVE-2020-2231 | 1 Jenkins | 1 Jenkins | 2020-12-18 | 3.5 LOW | 5.4 MEDIUM |
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | |||||
CVE-2020-20140 | 1 Flexmonster | 1 Pivot Table & Charts | 2020-12-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17. | |||||
CVE-2020-20139 | 1 Flexmonster | 1 Pivot Table & Charts | 2020-12-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in the Remote JSON component under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. | |||||