Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-4223 | 1 Ibm | 1 Maximo Asset Management | 2020-07-01 | 3.5 LOW | 5.4 MEDIUM | IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. |
CVE-2016-5394 | 1 Apache | 1 Sling | 2020-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. |
CVE-2020-9584 | 1 Magento | 1 Magento | 2020-06-30 | 3.5 LOW | 5.4 MEDIUM | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
CVE-2020-15041 | 1 Php-fusion | 1 Php-fusion | 2020-06-30 | 3.5 LOW | 4.8 MEDIUM | PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. |
CVE-2017-7388 | 1 Wallaceit | 1 Wallacepos | 2020-06-30 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
CVE-2020-4070 | 1 W3c | 1 Css Validator | 2020-06-30 | 3.5 LOW | 5.4 MEDIUM | In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9. |
CVE-2020-14018 | 1 Naviwebs | 1 Navigate Cms | 2020-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field. |
CVE-2020-15015 | 1 Gleamtech | 1 Fileultimate | 2020-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document. |
CVE-2020-13483 | 1 Bitrix24 | 1 Bitrix24 | 2020-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. |
CVE-2019-7220 | 1 Qualiteam | 1 X-cart | 2020-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter. |
CVE-2020-4323 | 1 Ibm | 1 Security Secret Server | 2020-06-28 | 4.3 MEDIUM | 6.1 MEDIUM | IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177514. |
CVE-2020-9288 | 1 Fortinet | 1 Fortiwlc | 2020-06-26 | 3.5 LOW | 5.4 MEDIUM | An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. |
CVE-2017-18880 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. |
CVE-2017-18879 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment. |
CVE-2017-18882 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data. |
CVE-2017-18881 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command. |
CVE-2020-13888 | 1 Kordil Edms Project | 1 Kordil Edms | 2020-06-26 | 3.5 LOW | 5.4 MEDIUM | Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. |
CVE-2020-14202 | 1 Ibi | 1 Webfocus Business Intelligence | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM | WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. |
CVE-2019-19612 | 1 Halvotec | 1 Raquest | 2020-06-25 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several features of the application allow stored Cross-site Scripting (XSS). Fixed in Release 24.2020.20608.0. |
CVE-2020-14973 | 1 Webtareas Project | 1 Webtareas | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM | The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. |