Total: 21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2257 | 1 Jenkins | 1 Validating String Parameter | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2266 | 1 Jenkins | 1 Description Column | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2256 | 1 Jenkins | 1 Pipeline Maven Integration | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2269 | 1 Jenkins | 1 Chosen-views-tabbar | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | |||||
| CVE-2020-2259 | 1 Jenkins | 1 Computer Queue | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | |||||
| CVE-2020-2270 | 1 Jenkins | 1 Clearcase Release | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-9742 | 1 Adobe | 1 Experience Manager | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | |||||
| CVE-2017-15947 | 1 Aspsource | 1 Simple Asc Content Management System | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp. | |||||
| CVE-2020-4530 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2020-09-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714. | |||||
| CVE-2020-16218 | 1 Philips | 1 Patient Information Center Ix | 2020-09-15 | 2.7 LOW | 3.5 LOW |
| Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. | |||||
| CVE-2020-24198 | 1 Stock Management System Project | 1 Stock Management System | 2020-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | |||||
| CVE-2020-2036 | 1 Paloaltonetworks | 1 Pan-os | 2020-09-15 | 6.8 MEDIUM | 8.8 HIGH |
| A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9. | |||||
| CVE-2020-15788 | 1 Siemens | 1 Polarion Subversion Webclient | 2020-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code. | |||||
| CVE-2020-24194 | 1 Daily Tracker System Project | 1 Daily Tracker System | 2020-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | |||||
| CVE-2020-9736 | 1 Adobe | 1 Experience Manager | 2020-09-14 | 3.5 LOW | 4.8 MEDIUM |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field. | |||||
| CVE-2020-9738 | 1 Adobe | 1 Experience Manager | 2020-09-14 | 3.5 LOW | 4.8 MEDIUM |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when visiting the page containing the vulnerable field. | |||||
| CVE-2020-9740 | 1 Adobe | 1 Experience Manager | 2020-09-14 | 3.5 LOW | 5.4 MEDIUM |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | |||||
| CVE-2020-6326 | 1 Sap | 1 Netweaver Knowledge Management | 2020-09-14 | 3.5 LOW | 5.4 MEDIUM |
| SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting. | |||||
| CVE-2020-9741 | 1 Adobe | 1 Experience Manager | 2020-09-14 | 3.5 LOW | 5.4 MEDIUM |
| The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | |||||
| CVE-2020-9735 | 1 Adobe | 1 Experience Manager | 2020-09-14 | 3.5 LOW | 4.8 MEDIUM |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field. | |||||
