Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7303 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 2.3 LOW | 4.1 MEDIUM |
| Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows an authenticated remote user to trigger scripts to run in a user's browser via adding a new label. | |||||
| CVE-2020-7301 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section. | |||||
| CVE-2020-7258 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross site scripting vulnerability in McAfee Network Security Management (NSM) prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. | |||||
| CVE-2020-7256 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross site scripting vulnerability in McAfee Network Security Management (NSM) prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. | |||||
| CVE-2020-7249 | 1 Smc | 2 D3g0804, D3g0804 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account). | |||||
| CVE-2020-7239 | 1 Ibm | 1 Chatbot With Ibm Watson | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent. | |||||
| CVE-2020-7236 | 1 Uhp | 2 Uhp-100, Uhp-100 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section). | |||||
| CVE-2020-7235 | 1 Uhp | 2 Uhp-100, Uhp-100 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title). | |||||
| CVE-2020-7234 | 1 Ruckuswireless | 2 R310, R310 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account). | |||||
| CVE-2020-7228 | 1 Codepeople | 1 Calculated Fields Form | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. | |||||
| CVE-2020-7208 | 1 Hp | 1 Linuxki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. | |||||
| CVE-2020-7140 | 3 Hp, Microsoft, Redhat | 4 Icewall Sso Dfw, Icewall Sso Dgfw, Windows and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess | |||||
| CVE-2020-7132 | 1 Hp | 1 Onboard Administrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information available to resolve the vulnerability in HPE Onboard Administrator: OA 4.95 (Linux and Windows). | |||||
| CVE-2020-7110 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | |||||
| CVE-2020-7108 | 1 Learndash | 1 Learndash | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. | |||||
| CVE-2020-7107 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. | |||||
| CVE-2020-7106 | 5 Cacti, Debian, Fedoraproject and 2 more | 8 Cacti, Debian Linux, Extra Packages For Enterprise Linux and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | |||||
| CVE-2020-7104 | 1 Kibokolabs | 1 Chained Quiz | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. | |||||
| CVE-2020-7051 | 1 Codologic | 1 Codoforum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. | |||||
| CVE-2020-7050 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. | |||||
