Total: 39597 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9443 | 1 Zulipchat | 1 Zulip Desktop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82. | |||||
| CVE-2020-9440 | 3 Ckeditor, Fedoraproject, Webspellchecker | 3 Ckeditor, Fedora, Webspellchecker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor. | |||||
| CVE-2020-9439 | 1 Uncannyowl | 1 Tin Canny Reporting For Learndash | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allow authenticated remote attackers to inject arbitrary web script or HTML via the search_key GET parameter in TinCan_Content_List_Table.php, the message GET parameter in licensing.php, or the tc_filter_group, tc_filter_user, tc_filter_course, tc_filter_lesson, tc_filter_module, tc_filter_action, tc_filter_data_range, or tc_filter_data_range_last parameter in reporting-admin-menu.php. | |||||
| CVE-2020-9437 | 1 Secureauth | 1 Secureauth Identity Provider | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS. | |||||
| CVE-2020-9426 | 1 Open-xchange | 1 Ox Guard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX Guard 2.10.3 and earlier allows XSS. | |||||
| CVE-2020-9416 | 1 Tibco | 4 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Desktop and 1 more | 2024-11-21 | 3.5 LOW | 8.2 HIGH |
| The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1. | |||||
| CVE-2020-9414 | 1 Tibco | 2 Managed File Transfer Command Center, Managed File Transfer Internet Server | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. | |||||
| CVE-2020-9413 | 1 Tibco | 2 Managed File Transfer Command Center, Managed File Transfer Internet Server | 2024-11-21 | 9.3 HIGH | 6.3 MEDIUM |
| The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft a URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL, the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. | |||||
| CVE-2020-9410 | 2 Oracle, Tibco | 3 Retail Order Broker, Jasperreports Library, Jasperreports Server | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
| The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below. | |||||
| CVE-2020-9405 | 1 Iblsoft | 1 Online Weather | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. | |||||
| CVE-2020-9393 | 1 Supsystic | 1 Pricing Table By Supsystic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. | |||||
| CVE-2020-9390 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script. | |||||
| CVE-2020-9371 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. | |||||
| CVE-2020-9350 | 1 Sas | 1 Visual Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. | |||||
| CVE-2020-9344 | 1 Atlassian | 1 Subversion Application Lifecycle Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. | |||||
| CVE-2020-9339 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SOPlanning 1.45 allows XSS via the Name or Comment to status.php. | |||||
| CVE-2020-9338 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. | |||||
| CVE-2020-9336 | 1 Fauzantrif Election Project | 1 Fauzantrif Election | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field. | |||||
| CVE-2020-9335 | 1 10web | 1 Photo Gallery | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of these vulnerabilities would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users. | |||||
| CVE-2020-9334 | 1 Enviragallery | 1 Envira Gallery | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. | |||||
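CVE-2020-9443 above describes the one entry in this listing that is a configuration weakness rather than a missing output encoding: an Electron webview showing untrusted content with web security disabled. The following is an added example, not code from this listing or from the Zulip project, showing how to audit Electron `webPreferences` (as passed to a `BrowserWindow`, or as the `webpreferences="..."` attribute of a `<webview>` tag) for that and the related settings Electron's security checklist says must not be relaxed for remote content. The preference objects and attribute strings in it are constructed for illustration; the rule list is an assumption drawn from the Electron security documentation, not from the CVE record.

```javascript
// Added example (not from the CVE listing or the Zulip project): audit Electron
// webPreferences, as set on a BrowserWindow or via a <webview webpreferences="...">
// attribute, against Electron's published security recommendations. The
// preference objects and attribute strings below are constructed for illustration.

// Explicit values that Electron's security checklist says should never be used
// for a window or <webview> that displays remote (untrusted) content.
const DANGEROUS_PREFERENCES = [
  { key: "webSecurity", badValue: false,
    why: "same-origin policy off: remote content can read app/local resources (the CVE-2020-9443 pattern)" },
  { key: "nodeIntegration", badValue: true,
    why: "an XSS in the page becomes Node.js code execution on the host" },
  { key: "contextIsolation", badValue: false,
    why: "page scripts share a JavaScript world with the preload script and Electron internals" },
  { key: "sandbox", badValue: false,
    why: "renderer runs outside the Chromium OS sandbox" },
  { key: "allowRunningInsecureContent", badValue: true,
    why: "plain-HTTP scripts may execute inside an HTTPS page" },
  { key: "webviewTag", badValue: true,
    why: "<webview> enabled: every tag needs its own audit (see the will-attach-webview event)" },
];

// Parse the <webview webpreferences="..."> attribute format as Electron documents
// it: comma-separated entries; a bare name means true; "name=yes"/"name=1" mean
// true; "name=no"/"name=0" mean false. Other values are kept verbatim.
function parseWebviewPreferences(attr) {
  const prefs = {};
  for (const entry of attr.split(",")) {
    const [name, rawValue] = entry.split("=").map((s) => s.trim());
    if (!name) continue;
    if (rawValue === undefined) {
      prefs[name] = true;
    } else if (rawValue === "no" || rawValue === "0") {
      prefs[name] = false;
    } else if (rawValue === "yes" || rawValue === "1") {
      prefs[name] = true;
    } else {
      prefs[name] = rawValue; // non-boolean preference (e.g. a partition name)
    }
  }
  return prefs;
}

// Return one finding per dangerous explicit setting. Only explicit values are
// flagged: current Electron defaults are safe for these keys, but Electron
// versions contemporary with Zulip Desktop 2.x defaulted nodeIntegration to
// true and contextIsolation to false, so a hardened config pins them explicitly.
function auditWebPreferences(prefs, label = "window") {
  const findings = [];
  for (const rule of DANGEROUS_PREFERENCES) {
    if (prefs[rule.key] === rule.badValue) {
      findings.push({ target: label, key: rule.key, value: prefs[rule.key], why: rule.why });
    }
  }
  return findings;
}

// Constructed configurations: the weak shape the CVE describes, and a hardened one.
const VULNERABLE_WEBVIEW_ATTR = "webSecurity=no, nodeIntegration, contextIsolation=no";
const HARDENED_WINDOW = {
  webSecurity: true,
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  webviewTag: false,
};

function printReport() {
  const weak = parseWebviewPreferences(VULNERABLE_WEBVIEW_ATTR);
  for (const f of auditWebPreferences(weak, "webview")) {
    console.log(`${f.target}: ${f.key}=${f.value} -> ${f.why}`);
  }
  console.log(`hardened window findings: ${auditWebPreferences(HARDENED_WINDOW).length}`);
}

printReport();
```

Run the audit against every `BrowserWindow` constructor call and, for apps that keep `webviewTag` enabled, inside the `will-attach-webview` handler where the tag's `webPreferences` are available to inspect or overwrite before the guest loads.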
