Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13329 | 1 Gitlab | 1 Gitlab | 2020-10-02 | 3.5 LOW | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS in the blob view feature. | |||||
| CVE-2020-13331 | 1 Gitlab | 1 Gitlab | 2020-10-02 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Wiki pages. | |||||
| CVE-2020-26523 | 1 Froala | 1 Froala Editor | 2020-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Froala Editor before 3.2.2 allows XSS via pasted content. | |||||
| CVE-2014-9557 | 1 Smartwebsites | 1 Smartcms | 2020-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. | |||||
| CVE-2017-1446 | 1 Ibm | 1 Emptoris Spend Analysis | 2020-10-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171. | |||||
| CVE-2020-12869 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2020-10-02 | 3.5 LOW | 5.4 MEDIUM |
| RainbowFish PacsOne Server 6.8.4 allows XSS. | |||||
| CVE-2020-22842 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-10-02 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | |||||
| CVE-2017-17477 | 1 Pexip | 1 Pexip Infinity | 2020-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. | |||||
| CVE-2020-5785 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2020-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter. | |||||
| CVE-2018-7049 | 1 Wowza | 1 Streaming Engine | 2020-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request. | |||||
| CVE-2019-15969 | 1 Cisco | 1 Web Security Appliance | 2020-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information. | |||||
| CVE-2020-12816 | 1 Fortinet | 1 Fortinac | 2020-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. | |||||
| CVE-2019-10177 | 1 Redhat | 1 Cloudforms Management Engine | 2020-09-30 | 6.0 MEDIUM | 6.5 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. | |||||
| CVE-2020-12811 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2020-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross-site scripting (XSS) attack via the Identify Provider name field. | |||||
| CVE-2020-12113 | 1 Bigbluebutton | 1 Bigbluebutton | 2020-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used. | |||||
| CVE-2019-19456 | 1 Wowza | 1 Streaming Engine | 2020-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0. | |||||
| CVE-2020-7734 | 1 Arachnys | 1 Cabot | 2020-09-30 | 3.5 LOW | 8.2 HIGH |
| All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. | |||||
| CVE-2020-24594 | 1 Mitel | 1 Micloud Management Portal | 2020-09-30 | 6.8 MEDIUM | 9.6 CRITICAL |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | |||||
| CVE-2020-8347 | 1 Lenovo | 1 Enterprise Network Disk | 2020-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing. | |||||
| CVE-2020-15521 | 1 Zohocorp | 1 Manageengine Applications Manager | 2020-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS). | |||||
