Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15071 | 1 Getsymphony | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading. | |||||
| CVE-2020-15064 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2024-11-21 | 2.3 LOW | 4.3 MEDIUM |
| DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | |||||
| CVE-2020-15060 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-11-21 | 2.3 LOW | 4.3 MEDIUM |
| Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | |||||
| CVE-2020-15056 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 2.3 LOW | 4.3 MEDIUM |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | |||||
| CVE-2020-15053 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. | |||||
| CVE-2020-15051 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields. | |||||
| CVE-2020-15041 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. | |||||
| CVE-2020-15038 | 1 Seedprod | 1 Coming Soon Page\, Under Construction \& Maintenance Mode | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. | |||||
| CVE-2020-15037 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter. | |||||
| CVE-2020-15036 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter. | |||||
| CVE-2020-15035 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter. | |||||
| CVE-2020-15034 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter. | |||||
| CVE-2020-15033 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter. | |||||
| CVE-2020-15032 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter. | |||||
| CVE-2020-15031 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter. | |||||
| CVE-2020-15030 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter. | |||||
| CVE-2020-15029 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter. | |||||
| CVE-2020-15028 | 1 Nedi | 1 Nedi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter. | |||||
| CVE-2020-15020 | 1 Elementor | 1 Website Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. | |||||
| CVE-2020-15017 | 1 Nedi | 1 Nedi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. | |||||