Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8753 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
| CVE-2020-27608 | 1 Bigbluebutton | 1 Bigbluebutton | 2020-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. | |||||
| CVE-2020-3515 | 1 Cisco | 1 Firepower Management Center | 2020-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-14444 | 1 Wso2 | 2 Identity Server, Identity Server As Key Manager | 2020-10-28 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface. | |||||
| CVE-2020-14445 | 1 Wso2 | 2 Identity Server, Identity Server As Key Manager | 2020-10-28 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. | |||||
| CVE-2020-3553 | 1 Cisco | 1 Firepower Management Center | 2020-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-12779 | 1 Combodo | 1 Itop | 2020-10-28 | 3.5 LOW | 5.4 MEDIUM |
| Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. | |||||
| CVE-2019-13633 | 1 Blinger | 1 Blinger | 2020-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed. | |||||
| CVE-2020-25470 | 1 Antsword Project | 1 Antsword | 2020-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution. | |||||
| CVE-2020-27388 | 1 Yourls | 1 Yourls | 2020-10-28 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues. | |||||
| CVE-2020-5650 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2020-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2020-18766 | 1 Antsword Project | 1 Antsword | 2020-10-27 | 6.8 MEDIUM | 9.6 CRITICAL |
| A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands. | |||||
| CVE-2020-27642 | 1 Bigbluebutton | 1 Greenlight | 2020-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. | |||||
| CVE-2018-8062 | 1 Comtrend | 2 Ar-5387un, Ar-5387un Firmware | 2020-10-27 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | |||||
| CVE-2020-26584 | 1 Sagedpw | 1 Sage Dpw | 2020-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. | |||||
| CVE-2020-13893 | 1 Sage | 1 Easypay | 2020-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E). | |||||
| CVE-2020-27182 | 1 Konzept-ix | 1 Publixone | 2020-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form. | |||||
| CVE-2020-12137 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2020-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. | |||||
| CVE-2020-27666 | 1 Strapi | 1 Strapi | 2020-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | |||||
| CVE-2017-1533 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2020-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675. | |||||