Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12307 | 1 Cisco | 170 Esw2-350g-52, Esw2-350g-52 Firmware, Esw2-350g-52dc and 167 more | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches, Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvg24637. | |||||
| CVE-2020-24897 | 1 Stiltsoft | 1 Table Filter And Charts For Confluence Server | 2020-09-04 | 3.5 LOW | 8.9 HIGH |
| The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro. | |||||
| CVE-2020-24699 | 1 Chamber Dashboard Business Directory Project | 1 Chamber Dashboard Business Directory | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. | |||||
| CVE-2020-15020 | 1 Elementor | 1 Page Builder | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. | |||||
| CVE-2020-25033 | 1 Blubrry | 1 Subscribe Sidebar | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. | |||||
| CVE-2020-2243 | 1 Jenkins | 1 Cadence Vmanager | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | |||||
| CVE-2020-2244 | 1 Jenkins | 1 Build Failure Analyzer | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | |||||
| CVE-2020-2246 | 1 Jenkins | 1 Valgrind | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. | |||||
| CVE-2019-7092 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure . | |||||
| CVE-2017-11285 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||||
| CVE-2016-4159 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-4941 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4940 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-3008 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability. | |||||
| CVE-2015-8053 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052. | |||||
| CVE-2015-8052 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053. | |||||
| CVE-2015-0345 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1113 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-2248 | 1 Jenkins | 1 Jsgames | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2014-0571 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||