Total
37572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8514 | 2 Apple, Maxum | 2 Macos, Rumpus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality. | |||||
| CVE-2020-8512 | 1 Icewarp | 1 Icewarp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | |||||
| CVE-2020-8498 | 1 Gistpress Project | 1 Gistpress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). | |||||
| CVE-2020-8496 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator. | |||||
| CVE-2020-8493 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator. | |||||
| CVE-2020-8477 | 1 Abb | 1 800xa Information Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. | |||||
| CVE-2020-8462 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | |||||
| CVE-2020-8436 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. | |||||
| CVE-2020-8426 | 1 Elementor | 1 Website Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user. | |||||
| CVE-2020-8421 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs. | |||||
| CVE-2020-8348 | 1 Lenovo | 1 Enterprise Network Disk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing. | |||||
| CVE-2020-8347 | 1 Lenovo | 1 Enterprise Network Disk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing. | |||||
| CVE-2020-8340 | 1 Lenovo | 15 Flex System Nx360 M5, Flex System X240, Flex System X240 M5 and 12 more | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
| A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself. | |||||
| CVE-2020-8339 | 1 Ibm | 2 Bladecenter Advanced Management Module, Bladecenter Advanced Management Module Firmware | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself. | |||||
| CVE-2020-8294 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. | |||||
| CVE-2020-8292 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. | |||||
| CVE-2020-8291 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks. | |||||
| CVE-2020-8288 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. | |||||
| CVE-2020-8281 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | |||||
| CVE-2020-8280 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | |||||