Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2219 | 1 Jenkins | 1 Link Column | 2020-07-06 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability. | |||||
CVE-2020-4061 | 1 Octobercms | 1 October | 2020-07-06 | 3.5 LOW | 5.4 MEDIUM |
In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467. | |||||
CVE-2020-7355 | 1 Rapid7 | 1 Metasploit | 2020-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset. | |||||
CVE-2020-14413 | 1 Nedi | 1 Nedi | 2020-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. | |||||
CVE-2020-9437 | 1 Secureauth | 1 Secureauth Identity Provider | 2020-07-06 | 3.5 LOW | 4.8 MEDIUM |
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS. | |||||
CVE-2020-12635 | 1 Mageme | 1 Webforms Pro M2 | 2020-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. | |||||
CVE-2015-2068 | 1 Magmi Project | 1 Magmi | 2020-07-06 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php. | |||||
CVE-2020-15006 | 1 Bludit | 1 Bludit | 2020-07-02 | 3.5 LOW | 5.4 MEDIUM |
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | |||||
CVE-2020-12021 | 1 Osisoft | 1 Pi Web Api | 2020-07-02 | 6.0 MEDIUM | 9.0 CRITICAL |
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2020-15083 | 1 Prestashop | 1 Prestashop | 2020-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6. | |||||
CVE-2020-5585 | 1 Cybozu | 1 Garoon | 2020-07-02 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows an attacker with administrator rights to inject an arbitrary script via unspecified vectors. | |||||
CVE-2020-14071 | 1 Mk-auth | 1 Mk-auth | 2020-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code. | |||||
CVE-2020-7354 | 1 Rapid7 | 1 Metasploit | 2020-07-02 | 4.3 MEDIUM | 5.4 MEDIUM |
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset. | |||||
CVE-2020-13423 | 1 Form Builder For Magento 2 Project | 1 Form Builder For Magento 2 | 2020-07-02 | 3.5 LOW | 4.8 MEDIUM |
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. | |||||
CVE-2020-5586 | 1 Cybozu | 1 Garoon | 2020-07-02 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows an attacker with administrator rights to inject an arbitrary script via unspecified vectors. | |||||
CVE-2020-14012 | 1 Enhancesoft | 1 Osticket | 2020-07-01 | 3.5 LOW | 5.4 MEDIUM |
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent. | |||||
CVE-2020-15017 | 1 Nedi | 1 Nedi | 2020-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. | |||||
CVE-2020-15016 | 1 Nedi | 1 Nedi | 2020-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter. | |||||
CVE-2020-9581 | 1 Magento | 1 Magento | 2020-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2020-9577 | 1 Magento | 1 Magento | 2020-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||