Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5320 | 1 Arubanetworks | 12 2530, 2530 Firmware, 2540 and 9 more | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. | |||||
| CVE-2020-5927 | 1 F5 | 1 Big-ip Application Security Manager | 2020-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting. | |||||
| CVE-2020-15883 | 1 Managedinstalls Project | 1 Managedinstalls | 2020-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported). | |||||
| CVE-2020-15881 | 1 Munki Facts Project | 1 Munki Facts | 2020-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name. | |||||
| CVE-2019-12724 | 1 Teclib-edition | 1 News | 2020-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter. | |||||
| CVE-2019-12718 | 1 Cisco | 216 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 213 more | 2020-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
| CVE-2020-23658 | 1 Php-fusion | 1 Php-fusion | 2020-09-01 | 3.5 LOW | 5.4 MEDIUM |
| PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. | |||||
| CVE-2020-20628 | 1 Appsaloon | 1 Wp-gdpr | 2020-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS. | |||||
| CVE-2020-3523 | 1 Cisco | 1 Data Center Network Manager | 2020-08-31 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-5625 | 1 Riken | 1 Xoonips | 2020-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2020-23975 | 1 Webexcels | 1 Ecommerce Cms | 2020-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter. | |||||
| CVE-2020-19007 | 1 Halo | 1 Halo | 2020-08-31 | 3.5 LOW | 5.4 MEDIUM |
| Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser. | |||||
| CVE-2020-24104 | 1 Pix-link | 2 Lv-wr07, Lv-wr07 Firmware | 2020-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter. | |||||
| CVE-2019-18571 | 1 Dell | 1 Rsa Identity Governance And Lifecycle | 2020-08-31 | 3.5 LOW | 5.4 MEDIUM |
| The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-3761 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2020-08-31 | 3.5 LOW | 5.4 MEDIUM |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2020-5915 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust. | |||||
| CVE-2017-16906 | 1 Horde | 1 Groupware | 2020-08-29 | 3.5 LOW | 5.4 MEDIUM |
| In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | |||||
| CVE-2017-16908 | 1 Horde | 1 Groupware | 2020-08-29 | 3.5 LOW | 5.4 MEDIUM |
| In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. | |||||
| CVE-2017-16907 | 1 Horde | 1 Groupware | 2020-08-29 | 3.5 LOW | 5.4 MEDIUM |
| In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | |||||
| CVE-2020-20633 | 1 Cookielawinfo | 1 Gdpr Cookie Consent | 2020-08-28 | 3.5 LOW | 5.4 MEDIUM |
| ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation. | |||||