Total
37859 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8788 | 1 Synaptivemedical | 1 Clearcanvas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report. | |||||
| CVE-2020-8778 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. | |||||
| CVE-2020-8777 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. | |||||
| CVE-2020-8776 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. | |||||
| CVE-2020-8775 | 1 Pega | 1 Platform | 2024-11-21 | 6.0 MEDIUM | 8.9 HIGH |
| Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | |||||
| CVE-2020-8774 | 1 Pega | 1 Pega Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. | |||||
| CVE-2020-8773 | 1 Pega | 1 Platform | 2024-11-21 | 6.0 MEDIUM | 8.9 HIGH |
| The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2020-8723 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2024-11-21 | 5.4 MEDIUM | 6.3 MEDIUM |
| Cross-site scripting for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2020-8612 | 2 Progess, Progress | 2 Moveit Transfer, Moveit Transfer | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
| In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS. | |||||
| CVE-2020-8603 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2020-8594 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. | |||||
| CVE-2020-8549 | 1 Wpchill | 1 Strong Testimonials | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. | |||||
| CVE-2020-8548 | 1 Masscode | 1 Masscode | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). | |||||
| CVE-2020-8542 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite through 7.10.3 allows XSS. | |||||
| CVE-2020-8514 | 2 Apple, Maxum | 2 Macos, Rumpus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality. | |||||
| CVE-2020-8512 | 1 Icewarp | 1 Icewarp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | |||||
| CVE-2020-8498 | 1 Gistpress Project | 1 Gistpress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). | |||||
| CVE-2020-8496 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator. | |||||
| CVE-2020-8493 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator. | |||||
| CVE-2020-8477 | 1 Abb | 1 800xa Information Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. | |||||