Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10777 | 1 Redhat | 1 Cloudforms | 2020-08-12 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. | |||||
CVE-2012-4194 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2020-08-12 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. | |||||
CVE-2012-4195 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2020-08-12 | 4.3 MEDIUM | N/A |
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. | |||||
CVE-2020-15907 | 1 Mahara | 1 Mahara | 2020-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript. | |||||
CVE-2020-17480 | 1 Tiny | 1 Tinymce | 2020-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. | |||||
CVE-2019-1010091 | 1 Tiny | 1 Tinymce | 2020-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab. | |||||
CVE-2020-16275 | 1 Carson-saint | 1 Saint Security Suite | 2020-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. | |||||
CVE-2020-16278 | 1 Carson-saint | 1 Saint Security Suite | 2020-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link. | |||||
CVE-2020-15870 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2020-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). | |||||
CVE-2020-15869 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2020-08-11 | 4.3 MEDIUM | 5.4 MEDIUM |
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). | |||||
CVE-2020-17364 | 1 Usvn | 1 User-friendly Svn | 2020-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. | |||||
CVE-2020-16847 | 1 Extremenetworks | 1 Extreme Management Center | 2020-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. | |||||
CVE-2020-17476 | 1 Mibew | 1 Messenger | 2020-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Mibew Messenger before 3.2.7 allows XSS via a crafted user name. | |||||
CVE-2020-4541 | 1 Ibm | 1 Jazz Reporting Service | 2020-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039. | |||||
CVE-2020-4533 | 1 Ibm | 1 Jazz Reporting Service | 2020-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182717. | |||||
CVE-2020-4539 | 1 Ibm | 1 Jazz Reporting Service | 2020-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2020-17451 | 1 Flatcore | 1 Flatcore | 2020-08-10 | 3.5 LOW | 4.8 MEDIUM |
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. | |||||
CVE-2012-3992 | 4 Canonical, Mozilla, Redhat and 1 more | 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more | 2020-08-10 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. | |||||
CVE-2020-15830 | 1 Jetbrains | 1 Teamcity | 2020-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. | |||||
CVE-2020-15831 | 1 Jetbrains | 1 Teamcity | 2020-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. | |||||