Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9508 | 1 Atlassian | 2 Crucible, Fisheye | 2020-11-25 | 3.5 LOW | 5.4 MEDIUM |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. | |||||
| CVE-2020-22394 | 1 Yzmcms | 1 Yzmcms | 2020-11-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2020-26825 | 1 Sap | 1 Fiori Launchpad \(news Tile Application\) | 2020-11-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser and the victim can easily close the browser tab to terminate it. | |||||
| CVE-2020-7333 | 1 Mcafee | 1 Endpoint Security | 2020-11-23 | 3.5 LOW | 4.8 MEDIUM |
| Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. | |||||
| CVE-2020-7934 | 1 Liferay | 1 Liferay Portal | 2020-11-23 | 3.5 LOW | 5.4 MEDIUM |
| In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1. | |||||
| CVE-2020-4672 | 1 Ibm | 1 Business Automation Workflow | 2020-11-23 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. | |||||
| CVE-2020-4705 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 3.5 LOW | 4.8 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190. | |||||
| CVE-2020-28139 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2020-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php. | |||||
| CVE-2020-27459 | 1 Chronoengine | 1 Chronoforums | 2020-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed. | |||||
| CVE-2020-11860 | 1 Microfocus | 1 Arcsight Logger | 2020-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS) | |||||
| CVE-2020-14208 | 1 Salesagility | 1 Suitecrm | 2020-11-20 | 3.5 LOW | 5.4 MEDIUM |
| SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. | |||||
| CVE-2020-4760 | 1 Ibm | 1 Content Navigator | 2020-11-20 | 4.3 MEDIUM | 5.4 MEDIUM |
| IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737. | |||||
| CVE-2020-4704 | 1 Ibm | 1 Content Navigator | 2020-11-20 | 4.3 MEDIUM | 5.4 MEDIUM |
| IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189. | |||||
| CVE-2020-3551 | 1 Cisco | 1 Identity Services Engine | 2020-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2020-3590 | 1 Cisco | 1 Sd-wan Vmanage | 2020-11-20 | 3.5 LOW | 6.4 MEDIUM |
| A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-3587 | 1 Cisco | 1 Sd-wan Vmanage | 2020-11-20 | 3.5 LOW | 6.4 MEDIUM |
| A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-3591 | 1 Cisco | 1 Sd-wan Vmanage | 2020-11-20 | 3.5 LOW | 4.3 MEDIUM |
| A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-3579 | 1 Cisco | 1 Sd-wan Vmanage | 2020-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-5662 | 1 Riken | 1 Xoonips | 2020-11-20 | 3.5 LOW | 5.4 MEDIUM |
| Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | |||||
| CVE-2020-5663 | 1 Riken | 1 Xoonips | 2020-11-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | |||||