Total: 39597 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12759 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. | |||||
| CVE-2020-12718 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle. | |||||
| CVE-2020-12708 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043. | |||||
| CVE-2020-12707 | 1 Lepton-cms | 1 Lepton Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements. | |||||
| CVE-2020-12706 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php. | |||||
| CVE-2020-12705 | 1 Lepton-cms | 1 Leptoncms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. | |||||
| CVE-2020-12704 | 1 Ulicms | 1 Ulicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| UliCMS before 2020.2 has PageController stored XSS. | |||||
| CVE-2020-12703 | 1 Ulicms | 1 Ulicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| UliCMS before 2020.2 has XSS during PackageController uninstall. | |||||
| CVE-2020-12696 | 1 Iframe Project | 1 Iframe | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The iframe plugin before 4.5 for WordPress does not sanitize a URL. | |||||
| CVE-2020-12685 | 1 Redhat | 1 Interchange | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. | |||||
| CVE-2020-12683 | 1 Katyshop2 Project | 1 Katyshop2 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Katyshop2 before 2.12 has multiple stored XSS issues. | |||||
| CVE-2020-12679 | 1 Mitel | 2 Mivoice Connect, Shoretel Conference Web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php. | |||||
| CVE-2020-12677 | 1 Progress | 1 Moveit Automation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2. | |||||
| CVE-2020-12670 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email. | |||||
| CVE-2020-12648 | 1 Tiny | 1 Tinymce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. | |||||
| CVE-2020-12646 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. | |||||
| CVE-2020-12639 | 1 Phplist | 1 Phplist | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | |||||
| CVE-2020-12635 | 1 Mageme | 1 Webforms Pro M2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. | |||||
| CVE-2020-12629 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. | |||||
| CVE-2020-12625 | 3 Debian, Opensuse, Roundcube | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | |||||
