Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26768 | 1 Formstone | 1 Formstone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site once the URL is clicked or visited. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials, force malware execution, user redirection and others. | |||||
| CVE-2020-26733 | 1 Skyworth | 2 Gn542vf, Gn542vf Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows an authenticated attacker to inject their own script into the page via the DDNS Configuration Section. | |||||
| CVE-2020-26713 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| REDCap 10.3.4 contains an XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped, leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts. | |||||
| CVE-2020-26701 | 1 Kaaproject | 1 Kaa | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter. | |||||
| CVE-2020-26693 | 1 Pfsense | 1 Pfsense | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function. | |||||
| CVE-2020-26680 | 1 Vfairs | 1 Vfairs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other user's profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to perform XSS attacks. | |||||
| CVE-2020-26672 | 1 Testimonial Rotator Project | 1 Testimonial Rotator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in the "cite" parameter, the payload will be stored in the database. | |||||
| CVE-2020-26669 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update. | |||||
| CVE-2020-26642 | 1 Seacms | 1 Seacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. | |||||
| CVE-2020-26609 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background. | |||||
| CVE-2020-26584 | 1 Sagedpw | 1 Sage Dpw | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. | |||||
| CVE-2020-26574 | 1 Leostream | 1 Connection Broker | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
| Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-26563 | 1 Objectplanet | 1 Opinio | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.) | |||||
| CVE-2020-26554 | 1 Reddoxx | 1 Maildepot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. | |||||
| CVE-2020-26523 | 1 Froala | 1 Froala Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Froala Editor before 3.2.2 allows XSS via pasted content. | |||||
| CVE-2020-26517 | 1 Intland | 1 Codebeamer | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only). | |||||
| CVE-2020-26505 | 1 Marmind | 1 Marmind | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized actions in the application on behalf of legitimate users or spread malware via the application. By using the “Assets Upload” function, an attacker can abuse the upload function to upload a malicious PDF file containing a stored XSS. | |||||
| CVE-2020-26407 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project. | |||||
| CVE-2020-26298 | 2 Debian, Redcarpet Project | 2 Debian Linux, Redcarpet | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
| Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. | |||||
| CVE-2020-26297 | 1 Rust-lang | 1 Mdbook | 2024-11-21 | 4.3 MEDIUM | 8.2 HIGH |
| mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBook (introduced in version 0.1.4) was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on a user's browser by tricking the user into typing a malicious search query, or tricking the user into clicking a link to the search page with the malicious search query prefilled. mdBook 0.4.5 fixes the vulnerability by properly escaping the search query. Owners of websites built with mdBook have to upgrade to mdBook 0.4.5 or greater and rebuild their website contents with it. | |||||
