Total: 21765 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20406 | 1 Elementor | 1 Elementor Page Builder | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. | |||||
| CVE-2020-24924 | 1 Elkarbackup | 1 Elkarbackup | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter | |||||
| CVE-2020-25380 | 1 Recall-products Project | 1 Recall-products | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. | |||||
| CVE-2020-25375 | 1 Softrade | 1 Wp Smart Crm & Invoices | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. | |||||
| CVE-2020-2271 | 1 Jenkins | 1 Locked Files Report | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-21845 | 1 Codoforum | 1 Codoforum | 2020-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.' | |||||
| CVE-2020-10227 | 1 Vtenext | 1 Vtenext | 2020-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. | |||||
| CVE-2020-2265 | 1 Jenkins | 1 Coverage/complexity Scatter Plot | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | |||||
| CVE-2020-21732 | 1 Rukovoditel | 1 Rukovoditel | 2020-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | |||||
| CVE-2020-25378 | 1 Accesspressthemes | 1 Wp Floating Menu | 2020-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. | |||||
| CVE-2020-21733 | 1 Sagemcom | 2 F@st 3686, F@st 3686 Firmware | 2020-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. | |||||
| CVE-2020-9737 | 1 Adobe | 1 Experience Manager | 2020-09-17 | 3.5 LOW | 4.8 MEDIUM |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | |||||
| CVE-2020-21731 | 1 Gazie Project | 1 Gazie | 2020-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the web application stores the injected code. | |||||
| CVE-2019-14756 | 1 Kaiostech | 1 Kaios | 2020-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. At a bare minimum, this allows an attacker to take control over the Email application's UI (e.g., display a malicious prompt to the user asking them to re-enter their email credentials) and also allows an attacker to abuse any of the privileges available to the mobile application. | |||||
| CVE-2019-14757 | 1 Kaiostech | 1 Kaios | 2020-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application (assuming the victim chooses to import the file). At a bare minimum, this allows an attacker to take control over the Contacts application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | |||||
| CVE-2019-14758 | 1 Kaiostech | 1 Kaios | 2020-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application (assuming the victim chooses to download the email attachment). At a bare minimum, this allows an attacker to take control over the File Manager application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | |||||
| CVE-2020-13301 | 1 Gitlab | 1 Gitlab | 2020-09-16 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page. | |||||
| CVE-2020-2263 | 1 Jenkins | 1 Radiator View | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2264 | 1 Jenkins | 1 Custom Job Icon | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2262 | 1 Jenkins | 1 Android Lint | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | |||||
