Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11006 | 1 Shopizer | 1 Shopizer | 2020-05-13 | 3.5 LOW | 5.4 MEDIUM |
| In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0. | |||||
| CVE-2020-10630 | 1 Sae-it | 2 Net-line Fw-50, Net-line Fw-50 Firmware | 2020-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users. | |||||
| CVE-2019-20768 | 1 Servicenow | 1 It Service Management | 2020-05-12 | 3.5 LOW | 5.4 MEDIUM |
| ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do. | |||||
| CVE-2020-12679 | 1 Mitel | 2 Mivoice Connect, Shoretel Conference Web | 2020-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php. | |||||
| CVE-2020-12706 | 1 Php-fusion | 1 Php-fusion | 2020-05-12 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php | |||||
| CVE-2020-12708 | 1 Php-fusion | 1 Php-fusion | 2020-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043. | |||||
| CVE-2016-1222 | 1 Kobe-beauty | 1 Php-contact-form | 2020-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | |||||
| CVE-2020-12696 | 1 Iframe Project | 1 Iframe | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The iframe plugin before 4.5 for WordPress does not sanitize a URL. | |||||
| CVE-2011-3881 | 2 Apple, Google | 4 Iphone Os, Safari, Android and 1 more | 2020-05-11 | 4.3 MEDIUM | N/A |
| WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. | |||||
| CVE-2020-5746 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | |||||
| CVE-2020-12683 | 1 Katyshop2 Project | 1 Katyshop2 | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Katyshop2 before 2.12 has multiple stored XSS issues. | |||||
| CVE-2020-5749 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | |||||
| CVE-2020-5748 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | |||||
| CVE-2020-5747 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | |||||
| CVE-2020-5750 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | |||||
| CVE-2020-5751 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | |||||
| CVE-2020-12052 | 1 Grafana | 1 Grafana | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | |||||
| CVE-2020-3313 | 1 Cisco | 1 Firepower Management Center | 2020-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the FMC Software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or to access sensitive, browser-based information. | |||||
| CVE-2020-11051 | 1 Requarks | 1 Wiki.js | 2020-05-08 | 3.5 LOW | 4.8 MEDIUM |
| In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81. | |||||
| CVE-2020-4384 | 1 Ibm | 2 Infosphere Information Server On Cloud, Infosphere Qualitystage | 2020-05-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. | |||||