Total: 21765 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-8348 | Lenovo | Enterprise Network Disk | 2020-09-30 | 4.3 MEDIUM | 6.1 MEDIUM | A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted URL is visited, possibly through phishing. |
| CVE-2020-15161 | Prestashop | Prestashop | 2020-09-30 | 4.3 MEDIUM | 6.1 MEDIUM | In PrestaShop from version 1.6.0.4 and before version 1.7.6.8, an attacker is able to inject JavaScript while using the contact form. The problem is fixed in 1.7.6.8. |
| CVE-2020-15162 | Prestashop | Prestashop | 2020-09-30 | 3.5 LOW | 5.4 MEDIUM | In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8. |
| CVE-2020-25148 | Observium | Observium | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /iftype/type= because of pages/iftype.inc.php. |
| CVE-2020-25146 | Observium | Observium | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule. |
| CVE-2020-25138 | Observium | Observium | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php. |
| CVE-2020-25137 | Observium | Observium | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI. |
| CVE-2020-25135 | Observium | Observium | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI. |
| CVE-2020-25131 | Observium | Observium | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI. |
| CVE-2020-3137 | Cisco | Email Security Appliance | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. |
| CVE-2020-25139 | Observium | Observium | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php. |
| CVE-2020-25140 | Observium | Observium | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php. |
| CVE-2020-25141 | Observium | Observium | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI. |
| CVE-2020-15930 | Joplin Project | Joplin | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag. |
| CVE-2020-25789 | Tt-rss | Tiny Tiny Rss | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. |
| CVE-2020-26110 | Cpanel | Cpanel | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 88.0.13 allows self-XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). |
| CVE-2020-26113 | Cpanel | Cpanel | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 90.0.10 allows self-XSS via WHM Manage API Tokens interfaces (SEC-569). |
| CVE-2020-26111 | Cpanel | Cpanel | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 90.0.10 allows self-XSS via the WHM Edit DNS Zone interface (SEC-566). |
| CVE-2020-5781 | Ignitenet | Helios Glinq | 2020-09-29 | 4.0 MEDIUM | 4.3 MEDIUM | In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary JavaScript, this causes a denial-of-service condition for all other users. |
| CVE-2020-4054 | Sanitize Project | Sanitize | 2020-09-28 | 6.8 MEDIUM | 7.3 HIGH | In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1. |
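The DOM-based and link-driven entries in this list (CVE-2020-8348, CVE-2020-3137) share one shape: an attacker-controlled piece of a URL reaches a markup sink in the victim's browser. The following is an added example, not code from Lenovo, Cisco or any other vendor listed above. The page path, the `msg` fragment parameter and the base URL `https://nas.example/` are constructed for illustration; the sinks are modelled as functions returning the markup the browser would receive, so the example runs under Node without a DOM. It also shows why an HTML escaper is the wrong tool for a URL-valued attribute such as `href`.

```javascript
'use strict';
// Added example: the DOM-based XSS shape behind entries such as CVE-2020-8348.
// Not vendor code. The page, the "msg" fragment parameter and the base URL are
// constructed for illustration. Sinks return the markup the browser would get
// so the example runs under Node without a DOM.

const BASE_URL = 'https://nas.example/ui/';

// Escaper for text placed into element content or a quoted attribute value.
// It is NOT sufficient for URL, CSS or script contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Source: a parameter in the URL fragment. The fragment never leaves the browser,
// so server-side input validation and web server logs never see it.
function readFragmentParam(url, name) {
  const fragment = new URL(url).hash.replace(/^#/, '');
  return new URLSearchParams(fragment).get(name);
}

// Vulnerable sink: attacker text is concatenated into markup that the page
// would assign to element.innerHTML, so tags and event handlers get parsed.
function renderBannerUnsafe(url) {
  const msg = readFragmentParam(url, 'msg') ?? '';
  return `<div class="banner">${msg}</div>`;
}

// Hardened sink: the same text escaped, so the browser treats it as text.
// In real page code, element.textContent = msg is the simpler equivalent.
function renderBannerSafe(url) {
  const msg = readFragmentParam(url, 'msg') ?? '';
  return `<div class="banner">${escapeHtml(msg)}</div>`;
}

// URL-valued attributes need an allowlist on the parsed scheme, not escaping:
// escapeHtml("javascript:alert(1)") returns it unchanged and it still runs in
// an href. Parsing with the WHATWG URL parser also removes the tab/newline
// tricks that defeat naive prefix checks on the raw string.
function safeHref(value) {
  let parsed;
  try {
    parsed = new URL(value, BASE_URL);
  } catch {
    return '#';
  }
  return parsed.protocol === 'https:' || parsed.protocol === 'http:' ? escapeHtml(parsed.href) : '#';
}

// Constructed phishing link: the payload lives entirely in the fragment.
const PHISHING_URL = BASE_URL + '#msg=%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E';

console.log('unsafe:', renderBannerUnsafe(PHISHING_URL));
console.log('safe:  ', renderBannerSafe(PHISHING_URL));
console.log('href:  ', safeHref('java\tscript:alert(1)'), safeHref('/settings'));
```

When auditing a finding like this, check the whole path: the source (`location.hash`, `location.search`, `document.referrer`, `postMessage` data), every sink it reaches (`innerHTML`, `outerHTML`, `insertAdjacentHTML`, `document.write`, `eval`, `setTimeout` with a string, `href`/`src` assignment), and whether a Content-Security-Policy without `'unsafe-inline'` would have blocked the resulting inline handler as a second layer.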
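Several entries concern script reaching the browser through a non-HTML carrier: JavaScript inside an SVG served by tt-rss's cached_url feature (CVE-2020-25789), content inside `svg`/`math` slipping past Sanitize (CVE-2020-4054), and an embed tag in Joplin (CVE-2020-15930). The block below is an added example, not tt-rss, Sanitize or Joplin code: a triage scanner that flags script-bearing SVG, plus the response headers that keep a cached SVG from executing script when it is opened directly or embedded with `<object>`/`<iframe>`. Both SVG samples are constructed, and the header set is an assumed sensible default rather than any project's configuration.

```javascript
'use strict';
// Added example, not tt-rss, Sanitize or Joplin code: a triage scanner for
// script-bearing SVG, plus response headers for serving cached SVG safely.
// Both SVG samples are constructed; the header set is an assumed default.

// SVG elements that run script or can retarget an attribute to a scripting URL.
const ACTIVE_ELEMENTS = new Set(['script', 'foreignobject', 'set', 'animate']);

const NAMED_ENTITIES = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", tab: '\t', newline: '\n' };
const fromCode = (n) => (n > 0x10ffff ? '\ufffd' : String.fromCodePoint(n));

// Decode the entity forms commonly used to hide "javascript:" in attribute values.
function decodeEntities(text) {
  return text
    .replace(/&#x([0-9a-f]+);?/gi, (_, hex) => fromCode(parseInt(hex, 16)))
    .replace(/&#(\d+);?/g, (_, dec) => fromCode(parseInt(dec, 10)))
    .replace(/&([a-z]+);?/gi, (m, name) => NAMED_ENTITIES[name.toLowerCase()] ?? m);
}

// Browsers drop tab/newline anywhere in a URL and trim leading controls; for
// detection we strip every ASCII control and space, over-matching on purpose.
function normalizeUrl(value) {
  return decodeEntities(value).replace(/[\u0000-\u0020\u007f]/g, '').toLowerCase();
}

// Walk start tags and their attributes; returns human-readable findings.
// Valueless attributes are skipped: they cannot carry a handler body.
function findActiveSvgContent(svgText) {
  const findings = [];
  const tagRe = /<\s*([A-Za-z_][\w:.-]*)([^>]*?)\/?>/g;
  const attrRe = /([^\s=\/>]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let tag;
  while ((tag = tagRe.exec(svgText)) !== null) {
    const name = tag[1];
    if (ACTIVE_ELEMENTS.has(name.toLowerCase())) findings.push(`element <${name}>`);
    let attr;
    while ((attr = attrRe.exec(tag[2])) !== null) {
      const attrName = attr[1];
      const value = attr[2] ?? attr[3] ?? attr[4] ?? '';
      if (attrName.toLowerCase().startsWith('on')) {
        findings.push(`event handler ${attrName} on <${name}>`);
      } else if (/(^|:)href$/i.test(attrName) && /^(javascript|vbscript):/.test(normalizeUrl(value))) {
        findings.push(`scripting URL in ${attrName} on <${name}>`);
      }
    }
  }
  return findings;
}

// Headers for a cached, untrusted asset. Script in an SVG never runs when it is
// referenced from <img>; the sandbox policy also disables it on direct
// navigation and inside <object>/<iframe>, and nosniff keeps the browser from
// second-guessing the declared type. img-src data: keeps embedded bitmaps working.
function cachedAssetHeaders(contentType) {
  const headers = { 'Content-Type': contentType, 'X-Content-Type-Options': 'nosniff' };
  if (/^image\/svg\+xml\b/i.test(contentType)) {
    headers['Content-Security-Policy'] = "sandbox; default-src 'none'; img-src data:; style-src 'unsafe-inline'";
  }
  return headers;
}

// Constructed samples: one clean icon, one carrying three distinct script vectors.
const BENIGN_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="#09f"/></svg>';
const HOSTILE_SVG = [
  '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">',
  '<script>alert(document.domain)</script>',
  '<rect width="10" height="10" onload="alert(document.domain)"/>',
  '<a xlink:href="java&#x09;script:alert(1)"><text y="5">click</text></a>',
  '</svg>',
].join('\n');

console.log('benign:', findActiveSvgContent(BENIGN_SVG));
console.log('hostile:', findActiveSvgContent(HOSTILE_SVG));
console.log(cachedAssetHeaders('image/svg+xml'));
```

Use the scanner for triage only (alerting at ingest time, hunting through an existing cache), never as the sanitizer: comments, CDATA sections and parser differences between XML and HTML mode are exactly where allowlist sanitizers have been bypassed, which is the class of bug the Sanitize entry describes. For the cache itself, either rasterize untrusted SVG with a real parser or serve it only behind `<img>` and with the headers above.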