Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13338 | 1 Gitlab | 1 Gitlab | 2020-10-08 | 3.5 LOW | 5.4 MEDIUM |
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references. | |||||
CVE-2019-12626 | 1 Cisco | 1 Unified Contact Center Express | 2020-10-08 | 3.5 LOW | 4.8 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs valid administrator credentials. | |||||
CVE-2020-24861 | 1 Get-simple | 1 Getsimple Cms | 2020-10-08 | 3.5 LOW | 5.4 MEDIUM |
GetSimple CMS 3.3.16 allows persistent cross-site scripting via the 'permalink' parameter on the Settings page, which is executed when you create and open a new page. | |||||
CVE-2020-24860 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-10-08 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put a persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. | |||||
CVE-2020-13336 | 1 Gitlab | 1 Gitlab | 2020-10-07 | 3.5 LOW | 4.8 MEDIUM |
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature. | |||||
CVE-2020-14294 | 1 Secudos | 1 Qiata Fta | 2020-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board. | |||||
CVE-2020-13168 | 1 Sysaid | 2 Sysaid On-premises, Sysaidsy On-premises | 2020-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. | |||||
CVE-2020-8245 | 1 Citrix | 4 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 1 more | 2020-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal. | |||||
CVE-2020-12815 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2020-10-06 | 3.5 LOW | 5.4 MEDIUM |
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | |||||
CVE-2020-22481 | 1 Hack | 1 Hfish | 2020-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information. | |||||
CVE-2020-25761 | 1 Projectworlds | 1 Visitor Management System In Php | 2020-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks such as stealing of cookies, sensitive information, etc. | |||||
CVE-2019-16025 | 1 Cisco | 1 Emergency Responder | 2020-10-05 | 3.5 LOW | 4.8 MEDIUM |
A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information. | |||||
CVE-2020-22453 | 1 Untis | 1 Webuntis | 2020-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information. | |||||
CVE-2019-20921 | 1 Snapappointments | 1 Bootstrap-select | 2020-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser. | |||||
CVE-2020-26158 | 1 Leanote | 1 Leanote | 2020-10-05 | 6.8 MEDIUM | 9.6 CRITICAL |
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. | |||||
CVE-2020-26157 | 1 Leanote | 1 Leanote | 2020-10-05 | 6.8 MEDIUM | 9.6 CRITICAL |
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration. | |||||
CVE-2019-20903 | 1 Atlassian | 1 Editor-core | 2020-10-05 | 3.5 LOW | 5.4 MEDIUM |
The hyperlinks functionality in atlaskit/editor-core before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets. | |||||
CVE-2020-26043 | 1 Hoosk | 1 Hoosk | 2020-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Hoosk CMS v1.8.0. There is an XSS vulnerability in install/index.php. | |||||
CVE-2020-13328 | 1 Gitlab | 1 Gitlab | 2020-10-02 | 3.5 LOW | 4.8 MEDIUM |
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API. | |||||
CVE-2020-13330 | 1 Gitlab | 1 Gitlab | 2020-10-02 | 3.5 LOW | 5.4 MEDIUM |
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Bitbucket project import feature. |