Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7033 | 1 Avaya | 1 Equinox Conferencing | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
| A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10. | |||||
| CVE-2020-7017 | 2 Elasticsearch, Oracle | 4 Kibana, Communications Billing And Revenue Management, Communications Cloud Native Core Network Function Cloud Native Environment and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization. | |||||
| CVE-2020-7015 | 1 Elastic | 1 Kibana | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization. | |||||
| CVE-2020-7011 | 1 Elastic | 1 Elastic App Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim�s web browser. | |||||
| CVE-2020-7006 | 1 Systech | 4 Nds-5000, Nds-5000 Firmware, Nds\/5008rm and 1 more | 2024-11-21 | 6.0 MEDIUM | 8.4 HIGH |
| Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. | |||||
| CVE-2020-6973 | 1 Digi | 3 Connectport Lts 32 Mei, Connectport Lts 32 Mei Bios, Connectport Lts 32 Mei Firmware | 2024-11-21 | 6.3 MEDIUM | 6.2 MEDIUM |
| Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition. | |||||
| CVE-2020-6956 | 1 Pcs | 1 Dexicon Enterprise | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_action.jsp. | |||||
| CVE-2020-6955 | 1 Cayintech | 2 Smp-pro4, Smp-pro4 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS. | |||||
| CVE-2020-6876 | 1 Zte | 1 Evdc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04 | |||||
| CVE-2020-6872 | 1 Zte | 6 R5300g4, R5300g4 Firmware, R5500g4 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>. | |||||
| CVE-2020-6854 | 1 Sos-berlin | 1 Jobscheduler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API. | |||||
| CVE-2020-6850 | 1 Miniorange | 1 Saml Sp Single Sign On | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. | |||||
| CVE-2020-6848 | 1 Axper | 2 Vision Ii, Vision Ii Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. | |||||
| CVE-2020-6847 | 1 Opentrade Project | 1 Opentrade | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. | |||||
| CVE-2020-6845 | 1 Topmanage | 1 Olk Webstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack. | |||||
| CVE-2020-6843 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. | |||||
| CVE-2020-6816 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. | |||||
| CVE-2020-6804 | 1 Mozilla | 1 Webthings Gateway | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system. | |||||
| CVE-2020-6802 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. | |||||
| CVE-2020-6798 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. | |||||