Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12132 | 1 Fifthplay | 1 S.a.m.i | 2020-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request. | |||||
CVE-2020-12472 | 1 Mono | 1 Monox | 2020-05-04 | 3.5 LOW | 5.4 MEDIUM |
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. | |||||
CVE-2020-12276 | 1 Gitlab | 1 Gitlab | 2020-05-04 | 3.5 LOW | 4.8 MEDIUM |
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. | |||||
CVE-2018-21209 | 1 Netgear | 20 Jnr1010, Jnr1010 Firmware, Jr6150 and 17 more | 2020-05-04 | 3.5 LOW | 4.8 MEDIUM |
Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. | |||||
CVE-2020-11822 | 1 Rukovoditel | 1 Rukovoditel | 2020-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data. | |||||
CVE-2017-12358 | 1 Cisco | 1 Jabber | 2020-05-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088. | |||||
CVE-2020-6579 | 1 Mailbeez | 1 Mailbeez | 2020-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter. | |||||
CVE-2019-11999 | 1 Hpe | 1 Opencall Media Platform | 2020-05-01 | 4.9 MEDIUM | 6.9 MEDIUM |
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates. | |||||
CVE-2020-10797 | 1 Netgate | 1 Pfsense | 2020-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed. | |||||
CVE-2020-7642 | 1 Lazysizes Project | 1 Lazysizes | 2020-05-01 | 3.5 LOW | 5.4 MEDIUM |
lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript. | |||||
CVE-2020-5570 | 1 Ni-consul | 1 Sales Force Assistant | 2020-05-01 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2020-8477 | 1 Abb | 1 800xa Information Manager | 2020-04-30 | 6.8 MEDIUM | 8.8 HIGH |
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. | |||||
CVE-2020-12054 | 1 Catchplugins | 1 Catch Breadcrumb | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. | |||||
CVE-2018-7652 | 1 Zonemaster | 1 Zonemaster Web Gui | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. | |||||
CVE-2020-7132 | 1 Hp | 1 Onboard Administrator | 2020-04-30 | 3.5 LOW | 5.4 MEDIUM |
A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows). | |||||
CVE-2019-4429 | 1 Ibm | 10 Control Desk, Maximo Anywhere, Maximo For Aviation and 7 more | 2020-04-30 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886. | |||||
CVE-2020-8775 | 1 Pega | 1 Platform | 2020-04-30 | 6.0 MEDIUM | 8.9 HIGH |
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | |||||
CVE-2020-8773 | 1 Pega | 1 Platform | 2020-04-30 | 6.0 MEDIUM | 8.9 HIGH |
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2020-5568 | 1 Cybozu | 1 Garoon | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'. | |||||
CVE-2020-5564 | 1 Cybozu | 1 Garoon | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'. |