Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27885 | 1 Wso2 | 1 Api Manager | 2020-11-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access. | |||||
| CVE-2020-15273 | 1 Basercms | 1 Basercms | 2020-11-03 | 3.5 LOW | 8.1 HIGH |
| baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1. | |||||
| CVE-2020-15276 | 1 Basercms | 1 Basercms | 2020-11-03 | 3.5 LOW | 8.7 HIGH |
| baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1. | |||||
| CVE-2020-23868 | 1 Nedi | 1 Nedi | 2020-11-03 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C allows inc/rt-popup.php d XSS. | |||||
| CVE-2020-23989 | 1 Nedi | 1 Nedi | 2020-11-03 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C allows pwsec.php oid XSS. | |||||
| CVE-2020-8262 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-11-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. | |||||
| CVE-2020-21266 | 1 Broadleafcommerce | 1 Broadleaf Commerce | 2020-11-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. | |||||
| CVE-2020-10803 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2020-11-02 | 3.5 LOW | 5.4 MEDIUM |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. | |||||
| CVE-2020-3599 | 1 Cisco | 1 Adaptive Security Appliance | 2020-11-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-24712 | 1 Getgophish | 1 Gophish | 2020-10-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page. | |||||
| CVE-2020-15274 | 1 Requarks | 1 Wiki.js | 2020-10-30 | 3.5 LOW | 5.4 MEDIUM |
| In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results. | |||||
| CVE-2020-6876 | 1 Zte | 1 Evdc | 2020-10-30 | 3.5 LOW | 5.4 MEDIUM |
| A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04 | |||||
| CVE-2020-16140 | 1 Thembay | 1 Greenmart | 2020-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS. | |||||
| CVE-2020-3997 | 1 Vmware | 1 Horizon | 2020-10-30 | 3.5 LOW | 5.4 MEDIUM |
| VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. | |||||
| CVE-2019-8762 | 1 Apple | 6 Icloud, Ipad Os, Iphone Os and 3 more | 2020-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2015-8766 | 1 Getsymphony | 1 Symphony | 2020-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[from_name], (4) email_smtp[from_address], (5) email_smtp[host], (6) email_smtp[port], (7) jit_image_manipulation[trusted_external_sites], or (8) maintenance_mode[ip_whitelist] parameters to system/preferences. | |||||
| CVE-2015-8606 | 1 Silverstripe | 1 Silverstripe | 2020-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm. | |||||
| CVE-2020-24709 | 1 Getgophish | 1 Gophish | 2020-10-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template. | |||||
| CVE-2020-24708 | 1 Getgophish | 1 Gophish | 2020-10-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form. | |||||
| CVE-2020-4731 | 1 Ibm | 1 Aspera Shares | 2020-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055. | |||||