Total
37595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9644 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | |||||
| CVE-2020-9584 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-9581 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-9577 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure . | |||||
| CVE-2020-9524 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). | |||||
| CVE-2020-9522 | 1 Microfocus | 1 Arcsight Enterprise Security Manager Express | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-9520 | 1 Microfocus | 1 Vibe | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser. | |||||
| CVE-2020-9496 | 1 Apache | 1 Ofbiz | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 | |||||
| CVE-2020-9485 | 1 Apache | 1 Airflow | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. | |||||
| CVE-2020-9467 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. | |||||
| CVE-2020-9461 | 1 Octech | 1 Oempro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable. | |||||
| CVE-2020-9460 | 1 Octech | 1 Oempro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable. | |||||
| CVE-2020-9459 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings. | |||||
| CVE-2020-9447 | 1 Gwtupload Project | 1 Gwtupload | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking. | |||||
| CVE-2020-9445 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality. | |||||
| CVE-2020-9443 | 1 Zulipchat | 1 Zulip Desktop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82. | |||||
| CVE-2020-9440 | 3 Ckeditor, Fedoraproject, Webspellchecker | 3 Ckeditor, Fedora, Webspellchecker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor. | |||||
| CVE-2020-9439 | 1 Uncannyowl | 1 Tin Canny Reporting For Learndash | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allows authenticated remote attackers to inject arbitrary web script or HTML via the search_key GET Parameter in TinCan_Content_List_Table.php, message GET Parameter in licensing.php, tc_filter_group parameter in reporting-admin-menu.php, tc_filter_user parameter in reporting-admin-menu.php, tc_filter_course parameter in reporting-admin-menu.php, tc_filter_lesson parameter in reporting-admin-menu.php, tc_filter_module parameter in reporting-admin-menu.php, tc_filter_action parameter in reporting-admin-menu.php, tc_filter_data_range parameter in reporting-admin-menu.php, or tc_filter_data_range_last parameter in reporting-admin-menu.php. | |||||
| CVE-2020-9437 | 1 Secureauth | 1 Secureauth Identity Provider | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS. | |||||
| CVE-2020-9426 | 1 Open-xchange | 1 Ox Guard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX Guard 2.10.3 and earlier allows XSS. | |||||