Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7249 | 1 Smc | 2 D3g0804, D3g0804 Firmware | 2020-01-27 | 3.5 LOW | 4.8 MEDIUM |
| SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account). | |||||
| CVE-2020-6843 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2020-01-27 | 3.5 LOW | 4.8 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. | |||||
| CVE-2019-15278 | 1 Cisco | 2 Finesse, Unified Contact Center Express | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. | |||||
| CVE-2019-3686 | 1 Suse | 1 Openqa | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security | |||||
| CVE-2019-20003 | 1 Dicube | 1 Easescreen Crystal | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends an crafted string for FTP authentication. | |||||
| CVE-2019-11997 | 1 Hp | 1 Enhanced Internet Usage Manager | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support. | |||||
| CVE-2012-6344 | 1 Novell | 1 Zenworks Configuration Management | 2020-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Novell ZENworks Configuration Management before 11.2.4 allows XSS. | |||||
| CVE-2015-6748 | 1 Jsoup | 1 Jsoup | 2020-01-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | |||||
| CVE-2020-7937 | 1 Plone | 1 Plone | 2020-01-24 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. | |||||
| CVE-2020-7104 | 1 Kibokolabs | 1 Chained Quiz | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. | |||||
| CVE-2020-7239 | 1 Ibm | 1 Chatbot With Ibm Watson | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent. | |||||
| CVE-2020-7228 | 1 Codepeople | 1 Calculated Fields Form | 2020-01-24 | 3.5 LOW | 5.4 MEDIUM |
| The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. | |||||
| CVE-2019-16512 | 1 Connectwise | 1 Control | 2020-01-24 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier. | |||||
| CVE-2020-7470 | 1 Sonoff | 4 Th10, Th10 Firmware, Th16 and 1 more | 2020-01-24 | 3.5 LOW | 4.8 MEDIUM |
| Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password). | |||||
| CVE-2018-17981 | 1 Lifesize | 4 Express 220, Express 220 Firmware, Room 220i and 1 more | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter. | |||||
| CVE-2011-3622 | 1 Phorum | 1 Phorum | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. | |||||
| CVE-2016-1000237 | 1 Apostrophecms | 1 Sanitize-html | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| sanitize-html before 1.4.3 has XSS. | |||||
| CVE-2014-7238 | 1 Formget | 1 Contact Form Integrated With Google Maps | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS | |||||
| CVE-2020-1607 | 1 Juniper | 44 Ex2300, Ex2300-c, Ex3400 and 41 more | 2020-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2. | |||||
| CVE-2011-3595 | 1 Joomla | 1 Joomla\! | 2020-01-24 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. | |||||