Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10668 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version. | |||||
| CVE-2020-10667 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version. | |||||
| CVE-2020-10643 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. | |||||
| CVE-2020-10633 | 1 Hms-networks | 4 Ewon Cosy, Ewon Cosy Firmware, Ewon Flexy and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful. | |||||
| CVE-2020-10630 | 1 Sae-it | 2 Net-line Fw-50, Net-line Fw-50 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users. | |||||
| CVE-2020-10614 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display. | |||||
| CVE-2020-10596 | 1 Opencart | 1 Opencart | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section. | |||||
| CVE-2020-10544 | 1 Primetek | 1 Primefaces | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation. | |||||
| CVE-2020-10509 | 1 Sun | 1 Ehrd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. | |||||
| CVE-2020-10477 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10476 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10475 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10474 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10473 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10472 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10471 | 1 Chadhasoftware | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10470 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10469 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. | |||||
| CVE-2020-10468 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||
| CVE-2020-10467 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | |||||