Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14208 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. | |||||
| CVE-2020-14206 | 1 Divebook Project | 1 Divebook | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). | |||||
| CVE-2020-14202 | 1 Ibi | 1 Webfocus Business Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. | |||||
| CVE-2020-14184 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. | |||||
| CVE-2020-14175 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2. | |||||
| CVE-2020-14173 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | |||||
| CVE-2020-14169 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability | |||||
| CVE-2020-14166 | 1 Atlassian | 1 Jira Service Desk | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file. | |||||
| CVE-2020-14164 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field. | |||||
| CVE-2020-14161 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. | |||||
| CVE-2020-14146 | 1 Kumbiaphp | 1 Kumbiaphp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. | |||||
| CVE-2020-14073 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access. | |||||
| CVE-2020-14071 | 1 Mk-auth | 1 Mk-auth | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code. | |||||
| CVE-2020-14063 | 1 Tc Custom Javascript Project | 1 Tc Custom Javascript | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the browser of visitors. | |||||
| CVE-2020-14055 | 1 Monstaftp | 1 Monsta Ftp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding. | |||||
| CVE-2020-14042 | 1 Codiad | 1 Codiad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | |||||
| CVE-2020-14024 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application. | |||||
| CVE-2020-14018 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field. | |||||
| CVE-2020-14014 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS. | |||||
| CVE-2020-14012 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent. | |||||