Total: 37573 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8824 | 1 Hitrontech | 2 Coda-4582u, Coda-4582u Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. | |||||
CVE-2020-8823 | 1 Sockjs Project | 1 Sockjs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. | |||||
CVE-2020-8822 | 1 Digi | 4 Transport Wr21, Transport Wr21 Firmware, Transport Wr44 and 1 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | |||||
CVE-2020-8821 | 1 Webmin | 1 Webmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users. | |||||
CVE-2020-8820 | 1 Webmin | 1 Webmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. | |||||
CVE-2020-8812 | 1 Bludit | 1 Bludit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug." | |||||
CVE-2020-8799 | 1 Webtechideas | 1 Wti Like Post | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website. | |||||
CVE-2020-8789 | 1 Composr Project | 1 Composr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. | |||||
CVE-2020-8788 | 1 Synaptivemedical | 1 Clearcanvas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report. | |||||
CVE-2020-8778 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | |||||
CVE-2020-8777 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | |||||
CVE-2020-8776 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. | |||||
CVE-2020-8775 | 1 Pega | 1 Platform | 2024-11-21 | 6.0 MEDIUM | 8.9 HIGH |
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | |||||
CVE-2020-8774 | 1 Pega | 1 Pega Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. | |||||
CVE-2020-8773 | 1 Pega | 1 Platform | 2024-11-21 | 6.0 MEDIUM | 8.9 HIGH |
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2020-8723 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2024-11-21 | 5.4 MEDIUM | 6.3 MEDIUM |
Cross-site scripting for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
CVE-2020-8612 | 2 Progess, Progress | 2 Moveit Transfer, Moveit Transfer | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS. | |||||
CVE-2020-8603 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
CVE-2020-8594 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. | |||||
CVE-2020-8549 | 1 Wpchill | 1 Strong Testimonials | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. |