Total: 21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15313 | 1 Zimbra | 1 Collaboration Server | 2020-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. | |||||
| CVE-2020-5223 | 1 Privatebin | 1 Privatebin | 2020-01-29 | 2.1 LOW | 4.4 MEDIUM |
| In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users. | |||||
| CVE-2020-7997 | 1 Asus | 2 Rt-ac66u, Rt-ac66u Firmware | 2020-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. | |||||
| CVE-2019-10770 | 1 Ratpack | 1 Ratpack | 2020-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode. | |||||
| CVE-2013-0286 | 1 Pinboard Project | 1 Pinboard | 2020-01-29 | 3.5 LOW | 5.4 MEDIUM |
| Pinboard 1.0.6 theme for WordPress has XSS. | |||||
| CVE-2019-15586 | 1 Gitlab | 1 Gitlab | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | |||||
| CVE-2019-12427 | 1 Zimbra | 1 Collaboration Server | 2020-01-28 | 3.5 LOW | 4.8 MEDIUM |
| Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. | |||||
| CVE-2019-8947 | 1 Zimbra | 1 Collaboration Server | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | |||||
| CVE-2019-8946 | 1 Zimbra | 1 Collaboration Server | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||||
| CVE-2019-8945 | 1 Zimbra | 1 Collaboration Server | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||||
| CVE-2019-11318 | 1 Synacor | 1 Zimbra Collaboration Server | 2020-01-28 | 3.5 LOW | 5.4 MEDIUM |
| Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. | |||||
| CVE-2015-2249 | 1 Synacor | 1 Zimbra Collaboration Server | 2020-01-28 | 3.5 LOW | 5.4 MEDIUM |
| Zimbra Collaboration before 8.6.0 patch5 has XSS. | |||||
| CVE-2014-5500 | 1 Synacor | 1 Zimbra Collaboration Server | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synacor Zimbra Collaboration before 8.0.8 has XSS. | |||||
| CVE-2019-6036 | 1 F-revocrm | 1 F-revocrm | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-16015 | 1 Cisco | 1 Data Center Analytics Framework | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system. | |||||
| CVE-2019-19592 | 1 Jamasoftware | 1 Connect | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting. | |||||
| CVE-2020-3129 | 1 Cisco | 1 Unity Connection | 2020-01-28 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element. | |||||
| CVE-2020-3136 | 1 Cisco | 1 Jabber Guest | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier. | |||||
| CVE-2020-7989 | 1 Adive | 1 Framework | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adive Framework 2.0.8 has admin/user/add userUsername XSS. | |||||
| CVE-2020-7990 | 1 Adive | 1 Framework | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adive Framework 2.0.8 has admin/user/add userName XSS. | |||||
