Total
37676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15696 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image. | |||||
| CVE-2020-15676 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | |||||
| CVE-2020-15599 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. | |||||
| CVE-2020-15597 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. | |||||
| CVE-2020-15575 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. | |||||
| CVE-2020-15573 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. | |||||
| CVE-2020-15562 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. | |||||
| CVE-2020-15538 | 1 We-com | 1 Municipality Portal Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar. | |||||
| CVE-2020-15537 | 1 Vanguard Project | 1 Vanguard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. | |||||
| CVE-2020-15536 | 1 Online Hotel Booking System Project | 1 Online Hotel Booking System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. | |||||
| CVE-2020-15535 | 1 Bestsoftinc | 1 Car Rental System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. | |||||
| CVE-2020-15521 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) . | |||||
| CVE-2020-15517 | 1 Faceted Search Project | 1 Faceted Search | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. | |||||
| CVE-2020-15516 | 1 Mm Forum Project | 1 Mm Forum | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. | |||||
| CVE-2020-15514 | 1 Jh Captcha Project | 1 Jh Captcha | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS. | |||||
| CVE-2020-15500 | 1 Tileserver | 1 Tileservergl | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS. | |||||
| CVE-2020-15499 | 1 Asus | 2 Rt-ac1900p, Rt-ac1900p Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. | |||||
| CVE-2020-15497 | 1 Jalios | 1 Jcms | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of Jalios JCMS | |||||
| CVE-2020-15400 | 1 Cakefoundation | 1 Cakephp | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. | |||||
| CVE-2020-15364 | 1 Nexos Project | 1 Nexos | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. | |||||