Total
37782 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36236 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | |||||
CVE-2020-36234 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | |||||
CVE-2020-36202 | 1 Rust-lang | 1 Async-h1 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy. | |||||
CVE-2020-36196 | 1 Qnap | 1 Qulog Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. | |||||
CVE-2020-36194 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. | |||||
CVE-2020-36190 | 1 Rails Admin Project | 1 Rails Admin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms. | |||||
CVE-2020-36172 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. | |||||
CVE-2020-36171 | 1 Elementor | 1 Website Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. | |||||
CVE-2020-36139 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
BloofoxCMS 0.5.2.1 allows reflected Cross-Site Scripting (XSS) by inserting an XSS payload within the 'fileurl' parameter. | |||||
CVE-2020-36115 | 2 Egavilanmedia, Microsoft | 2 Phpcrud, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'. | |||||
CVE-2020-36056 | 1 Beetel | 2 777vr1, 777vr1 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option. | |||||
CVE-2020-36012 | 1 Bdtask | 1 Multi-store | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field. | |||||
CVE-2020-36011 | 1 Qdocs | 1 Smart Hospital | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field. | |||||
CVE-2020-36007 | 1 Appcms | 1 Appcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users. | |||||
CVE-2020-35987 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
CVE-2020-35986 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
CVE-2020-35985 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the 'Global Lists' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
CVE-2020-35984 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | |||||
CVE-2020-35973 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in zzcms2020. There is an XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php. | |||||
CVE-2020-35971 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored XSS vulnerability was found in YzmCMS v5.8, which attackers can use to inject JS code and carry out XSS attacks on the /admin/system_manage/user_config_edit.html page. |