Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-9022 | 1 Cambiumnetworks | 8 Xh2-120, Xh2-120 Firmware, Xr2436 and 5 more | 2020-02-19 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. |
CVE-2020-9025 | 1 Iteris | 2 Vantage Velocity, Vantage Velocity Firmware | 2020-02-19 | 4.3 MEDIUM | 6.1 MEDIUM | Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script. |
CVE-2019-13966 | 1 Combodo | 1 Itop | 2020-02-19 | 4.3 MEDIUM | 6.1 MEDIUM | In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title). |
CVE-2019-13965 | 1 Combodo | 1 Itop | 2020-02-19 | 4.3 MEDIUM | 6.1 MEDIUM | Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0). The Reflective XSS can also become a stored XSS within the same account because of another vulnerability. |
CVE-2020-9028 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user). |
CVE-2020-9007 | 1 Codologic | 1 Codoforum | 2020-02-18 | 3.5 LOW | 5.4 MEDIUM | Codoforum 4.8.8 allows self-XSS via the title of a new topic. |
CVE-2013-6022 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. |
CVE-2018-16455 | 1 Marketplace Script Project | 1 Marketplace Script | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword. |
CVE-2020-8839 | 1 Chiyu-t | 2 Bf-430, Bf-430 Firmware | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. |
CVE-2020-9012 | 1 Gluu | 1 Gluu Server | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. |
CVE-2013-2637 | 2 Opensuse, Otrs | 3 Opensuse, Faq, Otrs Itsm | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. |
CVE-2019-14652 | 1 Amazon | 1 Aws Javascript S3 Explorer | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances. |
CVE-2016-3113 | 1 Redhat | 1 Ovirt-engine | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. |
CVE-2020-5241 | 1 Matestack | 1 Ui-core | 2020-02-18 | 3.5 LOW | 5.4 MEDIUM | matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4. |
CVE-2020-7051 | 1 Codologic | 1 Codoforum | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. |
CVE-2020-7208 | 1 Hp | 1 Linuxki | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. |
CVE-2020-5842 | 1 Codologic | 1 Codoforum | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | Codoforum 4.8.3 allows XSS in the user registration page via the username field of the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page. |
CVE-2020-5305 | 1 Codologic | 1 Codoforum | 2020-02-18 | 3.5 LOW | 4.8 MEDIUM | Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. |
CVE-2018-14500 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM | joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. |
CVE-2020-8594 | 1 Ninjaforms | 1 Ninja Forms | 2020-02-18 | 3.5 LOW | 5.4 MEDIUM | The Ninja Forms plugin 3.4.22 for WordPress has multiple stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. |