Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-10203 | 1 Sonatype | 1 Nexus | 2020-04-02 | 3.5 LOW | 4.8 MEDIUM | Sonatype Nexus Repository before 3.21.2 allows XSS.
CVE-2020-6753 | 1 Auth0 | 1 Login By Auth0 | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM | The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
CVE-2018-0612 | 1 5000 Trillion Yen Converter Project | 1 5000 Trillion Yen Converter | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-14881 | 1 Moodle | 1 Moodle | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability was found in Moodle 3.7 before 3.7.3, where there is blind reflected XSS in some locations where the user email is displayed.
CVE-2020-9055 | 1 Versiant | 1 Lynx Customer Service Portal | 2020-04-01 | 3.5 LOW | 5.4 MEDIUM | Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure.
CVE-2020-11106 | 1 Tecrail | 1 Responsive Filemanager | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable `$_SESSION['RF']["view_type"]` was not sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php, uses the "view" action, places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the `$_SESSION['RF']["view_type"]` variable, but there it was not sanitized either.
CVE-2019-18574 | 2 Emc, Rsa | 2 Rsa Authentication Manager, Authentication Manager | 2020-04-01 | 3.5 LOW | 4.8 MEDIUM | RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface, which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.
CVE-2019-13495 | 1 Zyxel | 2 Xgs2210-52hp, Xgs2210-52hp Firmware | 2020-04-01 | 3.5 LOW | 5.4 MEDIUM | In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allow remote authenticated users to inject arbitrary web script via the rpSys.html Name or Location field.
CVE-2020-5392 | 1 Auth0 | 1 Wp-auth0 | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.
CVE-2020-8923 | 1 Dart | 1 Dart Software Development Kit | 2020-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | Improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions up to 2.8.0-dev.16.0 allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom HTML/JavaScript (XSS). Mitigation: update your Dart SDK to 2.7.2, or 2.8.0-dev.17.0 for the dev version. If you cannot update, review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements.
CVE-2020-4235 | 1 Ibm | 1 Tivoli Netcool/Impact | 2020-03-31 | 3.5 LOW | 5.4 MEDIUM | IBM Tivoli Netcool/Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175408.
CVE-2019-19912 | 1 Intland | 1 Codebeamer Application Lifecycle Management | 2020-03-31 | 3.5 LOW | 4.8 MEDIUM | In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.
CVE-2020-10509 | 1 Sun | 1 Ehrd | 2020-03-30 | 4.3 MEDIUM | 6.1 MEDIUM | Sunnet eHRD, a human training and development management system, contains a cross-site scripting (XSS) vulnerability; attackers can inject arbitrary commands into the system and launch an XSS attack.
CVE-2020-2161 | 1 Jenkins | 1 Jenkins | 2020-03-30 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier do not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.
CVE-2020-2169 | 1 Jenkins | 1 Queue Cleanup | 2020-03-27 | 4.3 MEDIUM | 6.1 MEDIUM | A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
CVE-2020-2170 | 1 Jenkins | 1 Rapiddeploy | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM | Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
CVE-2020-8985 | 1 Zend | 1 Zendto | 2020-03-27 | 6.8 MEDIUM | 8.8 HIGH | ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock-user functionality.
CVE-2020-10790 | 1 It-novum | 1 Openitcockpit | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM | openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
CVE-2020-2163 | 1 Jenkins | 1 Jenkins | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly process HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
CVE-2020-2162 | 1 Jenkins | 1 Jenkins | 2020-03-27 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier do not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.