Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4747 | 1 Ibm | 2 Engineering Workflow Management, Rational Team Concert | 2020-07-23 | 3.5 LOW | 5.4 MEDIUM |
| IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887. | |||||
| CVE-2011-1570 | 2 Liferay, Microsoft | 2 Liferay Portal, Windows 7 | 2020-07-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030. | |||||
| CVE-2020-3406 | 1 Cisco | 1 Sd-wan Firmware | 2020-07-23 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2012-0930 | 1 Schneider-electric | 1 Modicon Quantum Plc | 2020-07-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-14063 | 1 Tc Custom Javascript Project | 1 Tc Custom Javascript | 2020-07-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the browser of visitors. | |||||
| CVE-2020-3349 | 1 Cisco | 1 Data Center Network Manager | 2020-07-23 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | |||||
| CVE-2020-5769 | 1 Teltonika-networks | 2 Gateway Trb245, Gateway Trb245 Firmware | 2020-07-22 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section. | |||||
| CVE-2019-4091 | 1 Hcltech | 1 Marketing Campaign | 2020-07-22 | 3.5 LOW | 5.4 MEDIUM |
| "HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. " | |||||
| CVE-2020-4104 | 1 Hcltech | 1 Bigfix Webui | 2020-07-22 | 3.5 LOW | 5.4 MEDIUM |
| HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a. | |||||
| CVE-2019-4090 | 1 Hcltech | 1 Marketing Campaign | 2020-07-22 | 3.5 LOW | 5.4 MEDIUM |
| "HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field." | |||||
| CVE-2020-15053 | 1 Articatech | 1 Artica Proxy | 2020-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. | |||||
| CVE-2020-15718 | 1 Rosariosis | 1 Rosariosis | 2020-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL. | |||||
| CVE-2020-15716 | 1 Rosariosis | 1 Rosariosis | 2020-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL. | |||||
| CVE-2020-15717 | 1 Rosariosis | 1 Rosariosis | 2020-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL. | |||||
| CVE-2020-2227 | 1 Jenkins | 1 Deployer Framework | 2020-07-22 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2226 | 1 Jenkins | 1 Matrix Authorization Strategy | 2020-07-22 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-3348 | 1 Cisco | 1 Data Center Network Manager | 2020-07-22 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | |||||
| CVE-2020-9311 | 1 Silverstripe | 1 Silverstripe | 2020-07-22 | 3.5 LOW | 5.4 MEDIUM |
| In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. | |||||
| CVE-2020-15721 | 1 Rosariosis | 1 Rosariosis | 2020-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. | |||||
| CVE-2019-4748 | 1 Ibm | 10 Collaborative Lifecycle Management, Doors Next, Engineering Lifecycle Manager and 7 more | 2020-07-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174. | |||||