Total
37424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2136 | 1 Jenkins | 1 Git | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2122 | 1 Jenkins | 1 Brakeman | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data. | |||||
| CVE-2020-2113 | 1 Jenkins | 1 Git Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | |||||
| CVE-2020-2112 | 1 Jenkins | 1 Git Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | |||||
| CVE-2020-2111 | 1 Jenkins | 1 Subversion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2106 | 1 Jenkins | 1 Code Coverage Api | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations. | |||||
| CVE-2020-2096 | 1 Jenkins | 1 Gitlab Hook | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability. | |||||
| CVE-2020-2036 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9. | |||||
| CVE-2020-2017 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. | |||||
| CVE-2020-2005 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 7.1 HIGH |
| A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0. | |||||
| CVE-2020-29653 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags. | |||||
| CVE-2020-29593 | 1 Orchardproject | 1 Orchard | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display. | |||||
| CVE-2020-29587 | 1 Simplcommerce | 1 Simplcommerce | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html() function to directly append the payload to a dialog. | |||||
| CVE-2020-29572 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field. | |||||
| CVE-2020-29539 | 1 Systransoft | 1 Pure Neural Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site. | |||||
| CVE-2020-29535 | 1 Rsa | 1 Archer | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2020-29497 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2020-29496 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2020-29477 | 1 Invisioncommunity | 1 Community | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-29475 | 1 Nopcommerce | 1 Store | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload. | |||||