Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-2284 | 1 Code-atlantic | 1 Popup Maker | 2020-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CVE-2020-6210 | 1 Sap | 1 Fiori Launchpad | 2020-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | SAP Fiori Launchpad, versions 753 and 754, does not sufficiently encode user-controlled inputs, allowing an attacker to inject a meta tag into the launchpad HTML via the vulnerable parameter, leading to reflected Cross-Site Scripting (XSS). |
CVE-2020-6200 | 1 Sap | 1 Commerce Cloud | 2020-03-11 | 3.5 LOW | 5.4 MEDIUM | SAP Commerce (SmartEdit Extension), versions 6.6, 6.7, 1808 and 1811, is vulnerable to client-side AngularJS template injection, a variant of Cross-Site Scripting (XSS) that exploits the templating facilities of the Angular framework. |
CVE-2020-7579 | 1 Siemens | 1 Spectrum Power 5 | 2020-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability has been identified in Spectrum Power™ 5 (all versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for successful exploitation. If deployed according to the recommended system configuration, Siemens considers the environmental vector to be CR:L/IR:M/AR:H/MAV:A (4.1). |
CVE-2018-6845 | 1 Olx Clone Script Project | 1 Olx Clone Script | 2020-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field. |
CVE-2018-6858 | 1 Facebook Clone Script Project | 1 Facebook Clone Script | 2020-03-11 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. |
CVE-2018-6861 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2020-03-11 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. |
CVE-2019-12444 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages lacked input validation, which resulted in a persistent XSS vulnerability. |
CVE-2019-12445 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code in notes by importing a specially crafted project file. It allows XSS. |
CVE-2019-12442 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page lacked input validation and output encoding, which resulted in a persistent XSS vulnerability on child epics. |
CVE-2020-4084 | 1 Hcltech | 1 Connections | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM | HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. |
CVE-2015-7343 | 1 Joobi | 1 Jnews | 2020-03-10 | 3.5 LOW | 4.8 MEDIUM | JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. |
CVE-2020-10191 | 1 Munkireport Project | 1 Munkireport | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated user browsing the application. This concerns app/controllers/client.php:detail. |
CVE-2020-9758 | 1 Livezilla | 1 Livezilla | 2020-03-10 | 4.3 MEDIUM | 9.6 CRITICAL | An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering it can fetch the usernames and passwords of the helpdesk employees in the URI. This leads to privilege escalation from unauthenticated to user-level access and to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters. |
CVE-2020-10192 | 1 Munkireport Project | 1 Munkireport | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in MunkiReport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated user browsing the application. This concerns app/views/listings/default.php. |
CVE-2020-4162 | 1 Ibm | 1 Infosphere Information Server | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342. |
CVE-2017-16833 | 1 Gemirro Project | 1 Gemirro | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM | Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. |
CVE-2020-2136 | 1 Jenkins | 1 Git | 2020-03-09 | 3.5 LOW | 5.4 MEDIUM | Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. |
CVE-2020-2137 | 1 Jenkins | 1 Timestamper | 2020-03-09 | 3.5 LOW | 4.8 MEDIUM | Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. |
CVE-2020-2140 | 1 Jenkins | 1 Audit Trail | 2020-03-09 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. |
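The entries above land in three different output sinks, and the encoder that fixes one does not fix the others: HTML body and attribute values (most rows, including the Jenkins form-validation error messages and the MunkiReport and GitLab stored payloads), URL attributes (CVE-2017-16833, where a javascript: URL from a gemspec "homepage" field reaches an href), and client-side template regions (CVE-2020-6200, AngularJS template injection, where HTML encoding leaves the interpolation markers intact). The following is an added example that illustrates those three contexts; it is not code from this page or from any vendor listed in it. The function names encodeHtml, safeHref, hasTemplateMarkers and renderProfileCard, the profile-card markup and the sample inputs are assumptions constructed for the illustration.

```javascript
// Added example (not from the page or any listed vendor): one encoder per
// output sink, applied to constructed profile-card fields. Node.js, no
// dependencies. All names below are assumed for the illustration.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

// HTML body / double-quoted attribute context: entity-encode every character
// that can close text or an attribute. The result is inert as markup, but it
// is NOT safe as a URL and NOT safe inside a client-side template (see below).
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// URL context (href/src). Browsers drop ASCII control characters and
// whitespace before parsing the scheme, so "java\tscript:" still runs as
// javascript:. Normalise the same way for the scheme check only, then allow
// http(s) and scheme-less relative URLs; refuse everything else (javascript:,
// data:, vbscript:, protocol-relative "//host"). Returns null when refused.
function safeHref(url) {
  const raw = String(url).trim();
  const probe = raw.replace(/[\u0000-\u0020]/g, '').toLowerCase();
  const scheme = /^([a-z][a-z0-9+.-]*):/.exec(probe);
  if (scheme === null) {
    return probe.startsWith('//') ? null : raw;
  }
  return scheme[1] === 'http' || scheme[1] === 'https' ? raw : null;
}

// Client-side template context. An HTML-encoded string that still contains
// "{{ ... }}" is evaluated as an expression by AngularJS if it lands inside a
// compiled region. The fix is structural (keep user data out of compiled
// regions, or mark the element ng-non-bindable); this predicate only flags
// such data for tests and scanners, it is not itself a defence.
function hasTemplateMarkers(value) {
  return /\{\{[\s\S]*\}\}/.test(String(value));
}

// Render a profile card from user-controlled fields, choosing the encoder by
// sink. A refused homepage is shown as plain text rather than as a link.
function renderProfileCard({ name, homepage, bio }) {
  const href = safeHref(homepage);
  const label = encodeHtml(name);
  const link = href === null
    ? label
    : `<a href="${encodeHtml(href)}">${label}</a>`;
  return `<div class="profile">${link}<p>${encodeHtml(bio)}</p></div>`;
}

// Constructed sample inputs modelled on the sink types in the table: a script
// tag in free text, an obfuscated javascript: URL in a "homepage" field, and
// an interpolation marker that survives HTML encoding unchanged.
function demo() {
  return {
    card: renderProfileCard({
      name: '<script>alert(1)</script>',
      homepage: 'JaVa\tScRiPt:alert(document.cookie)',
      bio: 'hello',
    }),
    encodedMarker: encodeHtml('{{7*7}}'),
    markerFlagged: hasTemplateMarkers('{{7*7}}'),
  };
}

console.log(demo());
```

The last two fields of demo() are the caveat a reviewer should take from CVE-2020-6200: encodeHtml('{{7*7}}') returns the string unchanged and hasTemplateMarkers flags it, so an application that HTML-encodes correctly can still be exploitable if the encoded output is later compiled by AngularJS. Likewise, for CVE-2017-16833 the href check has to run on the URL itself; encoding the javascript: URL as an attribute value does nothing, because the browser decodes the entities before it parses the scheme.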