Total: 21765 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20141 | 1 Flexmonster | 1 Pivot Table & Charts | 2020-12-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. | |||||
| CVE-2020-20142 | 1 Flexmonster | 1 Pivot Table & Charts | 2020-12-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17. | |||||
| CVE-2019-16957 | 1 Solarwinds | 1 Webhelpdesk | 2020-12-18 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | |||||
| CVE-2019-16955 | 1 Solarwinds | 1 Webhelpdesk | 2020-12-18 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | |||||
| CVE-2019-11776 | 1 Eclipse | 1 Business Intelligence And Reporting Tools | 2020-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in a URL parameter. An attacker can execute the payload in the victim's browser context. | |||||
| CVE-2020-4845 | 1 Ibm | 1 Security Key Lifecycle Manager | 2020-12-17 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289. | |||||
| CVE-2020-4657 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2020-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. | |||||
| CVE-2020-4658 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2020-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095. | |||||
| CVE-2018-16243 | 1 Solarwinds | 1 Database Performance Analyzer | 2020-12-17 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. | |||||
| CVE-2019-14478 | 1 Adremsoft | 1 Netcrunch | 2020-12-17 | 3.5 LOW | 5.4 MEDIUM |
| AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload. | |||||
| CVE-2020-28930 | 1 Epson | 2 Eps Tse Server 8, Eps Tse Server 8 Firmware | 2020-12-17 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator. | |||||
| CVE-2020-23957 | 1 Pega | 1 Pega Platform | 2020-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. | |||||
| CVE-2020-28457 | 1 S-cart | 1 S-cart | 2020-12-16 | 3.5 LOW | 4.8 MEDIUM |
| This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS. | |||||
| CVE-2020-35395 | 1 Egavilanmedia | 1 Expense Management System | 2020-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field. | |||||
| CVE-2020-35396 | 1 Egavilanmedia | 1 Barcodes Generator | 2020-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An attacker is able to inject the XSS payload in the web application each time a user visits the website. | |||||
| CVE-2019-14672 | 1 Firefly-iii | 1 Firefly Iii | 2020-12-16 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page. | |||||
| CVE-2019-14670 | 1 Firefly-iii | 1 Firefly Iii | 2020-12-16 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation. | |||||
| CVE-2019-14669 | 1 Firefly-iii | 1 Firefly Iii | 2020-12-16 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page. | |||||
| CVE-2019-14668 | 1 Firefly-iii | 1 Firefly Iii | 2020-12-16 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link. | |||||
| CVE-2019-14667 | 1 Firefly-iii | 1 Firefly Iii | 2020-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action. | |||||
