Total
37380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24861 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page | |||||
| CVE-2020-24860 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. | |||||
| CVE-2020-24842 | 1 Sdgc | 1 Pnpscada | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser. | |||||
| CVE-2020-24794 | 1 Kentico | 1 Kentico | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. | |||||
| CVE-2020-24712 | 1 Getgophish | 1 Gophish | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page. | |||||
| CVE-2020-24709 | 1 Getgophish | 1 Gophish | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template. | |||||
| CVE-2020-24708 | 1 Getgophish | 1 Gophish | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form. | |||||
| CVE-2020-24706 | 1 Wso2 | 6 Api Manager, Api Manager Analytics, Identity Server and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | |||||
| CVE-2020-24704 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | |||||
| CVE-2020-24701 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). | |||||
| CVE-2020-24699 | 1 Chamber Dashboard Business Directory Project | 1 Chamber Dashboard Business Directory | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. | |||||
| CVE-2020-24692 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | |||||
| CVE-2020-24670 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | |||||
| CVE-2020-24669 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. | |||||
| CVE-2020-24668 | 1 Tracefinancial | 1 Crestbridge | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | |||||
| CVE-2020-24666 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1 | |||||
| CVE-2020-24664 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | |||||
| CVE-2020-24663 | 1 Tracefinanacial | 1 Crestbridge | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | |||||
| CVE-2020-24662 | 1 Smartstream | 1 Transaction Lifecycle Management Reconciliations-premium | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0. | |||||
| CVE-2020-24627 | 1 Hpe | 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | |||||