Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13820 | 1 Extremenetworks | 1 Extreme Management Center | 2020-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | |||||
CVE-2020-4560 | 1 Ibm | 1 Financial Transaction Manager | 2020-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2018-1999008 | 1 Octobercms | 1 October | 2020-08-03 | 3.5 LOW | 5.4 MEDIUM |
October CMS versions prior to build 437 contain a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an authenticated user with media module permission creating an arbitrary folder name with XSS content. This attack appears to be exploitable via an authenticated user with media module permission who can create an arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437. | |||||
CVE-2018-7198 | 1 Octobercms | 1 October | 2020-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. | |||||
CVE-2017-1000193 | 1 Octobercms | 1 October | 2020-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
October CMS build 412 is vulnerable to stored WCI (a.k.a. XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. | |||||
CVE-2017-15284 | 1 Octobercms | 1 October | 2020-08-03 | 3.5 LOW | 5.4 MEDIUM |
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account. | |||||
CVE-2020-8204 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. | |||||
CVE-2020-8217 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-07-31 | 3.5 LOW | 5.4 MEDIUM |
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. | |||||
CVE-2020-10985 | 1 Gambio | 1 Gambio Gx | 2020-07-31 | 3.5 LOW | 4.8 MEDIUM |
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. | |||||
CVE-2020-13971 | 1 Shopware | 1 Shopware | 2020-07-31 | 3.5 LOW | 5.4 MEDIUM |
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication. | |||||
CVE-2020-5612 | 1 Kujirahand | 1 Konawiki | 2020-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. | |||||
CVE-2020-5613 | 1 Kujirahand | 1 Konawiki | 2020-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. | |||||
CVE-2020-14492 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2020-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
OpenClinic GA 5.09.02 and 5.89.05b do not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser. | |||||
CVE-2020-4645 | 1 Ibm | 1 Planning Analytics Local | 2020-07-30 | 3.5 LOW | 5.4 MEDIUM |
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717. | |||||
CVE-2020-16095 | 1 Kitodo | 1 Kitodo.presentation | 2020-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS. | |||||
CVE-2019-1010247 | 1 Zmartzone | 1 Mod Auth Openidc | 2020-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2. | |||||
CVE-2020-9691 | 1 Magento | 1 Magento | 2020-07-29 | 9.3 HIGH | 9.6 CRITICAL |
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-13913 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2020-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | |||||
CVE-2019-10646 | 1 Wolfcms | 1 Wolf Cms | 2020-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded. | |||||
CVE-2018-18823 | 1 Wolfcms | 1 Wolf Cms | 2020-07-29 | 3.5 LOW | 4.8 MEDIUM |
WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/. |