Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3439 | 1 Cisco | 1 Data Center Network Manager | 2020-08-28 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2020-15138 | 3 Apple, Microsoft, Prismjs | 3 Safari, Internet Explorer, Previewers | 2020-08-28 | 2.6 LOW | 7.5 HIGH |
| Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround. | |||||
| CVE-2020-3518 | 1 Cisco | 1 Data Center Network Manager | 2020-08-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2020-24599 | 1 Joomla | 1 Joomla\! | 2020-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. | |||||
| CVE-2020-23981 | 1 13enforme | 1 13enforme Cms | 2020-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| 13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter. | |||||
| CVE-2020-23660 | 1 Webtareas Project | 1 Webtareas | 2020-08-28 | 3.5 LOW | 5.4 MEDIUM |
| webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." | |||||
| CVE-2020-4575 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2020-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. | |||||
| CVE-2019-4691 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828. | |||||
| CVE-2020-23654 | 1 Naviwebs | 1 Navigatecms | 2020-08-26 | 3.5 LOW | 5.4 MEDIUM |
| NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop." | |||||
| CVE-2020-23655 | 1 Naviwebs | 1 Navigatecms | 2020-08-26 | 3.5 LOW | 5.4 MEDIUM |
| NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." | |||||
| CVE-2020-23657 | 1 Naviwebs | 1 Navigatecms | 2020-08-26 | 3.5 LOW | 5.4 MEDIUM |
| NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." | |||||
| CVE-2020-23656 | 1 Naviwebs | 1 Navigatecms | 2020-08-26 | 3.5 LOW | 5.4 MEDIUM |
| NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content." | |||||
| CVE-2012-3985 | 3 Canonical, Mozilla, Suse | 6 Ubuntu Linux, Firefox, Seamonkey and 3 more | 2020-08-26 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. | |||||
| CVE-2020-5619 | 1 Exceedone | 1 Exment | 2020-08-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors. | |||||
| CVE-2020-3975 | 1 Vmware | 1 App Volumes | 2020-08-26 | 3.5 LOW | 5.4 MEDIUM |
| VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing. | |||||
| CVE-2020-12759 | 1 Zulip | 1 Zulip Server | 2020-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. | |||||
| CVE-2020-15499 | 1 Asus | 2 Rt-ac1900p, Rt-ac1900p Firmware | 2020-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. | |||||
| CVE-2010-3931 | 1 Rocomotion | 10 P Board, P Diary R, P Forum and 7 more | 2020-08-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2020-5620 | 1 Exceedone | 1 Exment | 2020-08-25 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. | |||||
| CVE-2016-5660 | 1 Accela | 1 Civic Platform | 2020-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter. | |||||