Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15029 | 1 Nedi | 1 Nedi | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter. | |||||
CVE-2020-15034 | 1 Nedi | 1 Nedi | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter. | |||||
CVE-2020-15033 | 1 Nedi | 1 Nedi | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter. | |||||
CVE-2020-15032 | 1 Nedi | 1 Nedi | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter. | |||||
CVE-2020-15035 | 1 Nedi | 1 Nedi | 2020-07-09 | 3.5 LOW | 5.4 MEDIUM |
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter. | |||||
CVE-2020-2214 | 1 Jenkins | 1 Zap Pipeline | 2020-07-08 | 3.5 LOW | 5.4 MEDIUM |
Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | |||||
CVE-2020-15535 | 1 Bestsoftinc | 1 Car Rental System | 2020-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. | |||||
CVE-2020-4557 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2020-07-08 | 3.5 LOW | 5.4 MEDIUM |
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611. | |||||
CVE-2017-1659 | 1 Ibm | 1 Inotes | 2020-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials." | |||||
CVE-2020-14055 | 1 Monstaftp | 1 Monsta Ftp | 2020-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding. | |||||
CVE-2018-16516 | 1 Flask-admin Project | 1 Flask-admin | 2020-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. | |||||
CVE-2020-15307 | 1 Nozominetworks | 1 Guardian | 2020-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. | |||||
CVE-2020-2217 | 1 Praqma | 1 Compatibility Action Storage | 2020-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
CVE-2019-20416 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-07 | 3.5 LOW | 4.8 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0. | |||||
CVE-2020-14006 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2020-07-06 | 3.5 LOW | 5.4 MEDIUM |
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. | |||||
CVE-2020-14007 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2020-07-06 | 3.5 LOW | 5.4 MEDIUM |
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. | |||||
CVE-2020-2205 | 1 Jenkins | 1 Vncrecorder | 2020-07-06 | 3.5 LOW | 4.8 MEDIUM |
Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators. | |||||
CVE-2020-2207 | 1 Jenkins | 1 Vncviewer | 2020-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
CVE-2018-17874 | 1 Expressionengine | 1 Expressionengine | 2020-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
ExpressionEngine before 4.3.5 has reflected XSS. | |||||
CVE-2017-1000160 | 1 Expressionengine | 1 Expressionengine | 2020-07-06 | 3.5 LOW | 5.4 MEDIUM |
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection. | |||||