Total
37662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13153 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. | |||||
| CVE-2020-13145 | 1 Edx | 1 Open Edx Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS. | |||||
| CVE-2020-13134 | 1 Tufin | 1 Securechange | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1. | |||||
| CVE-2020-13133 | 1 Tufin | 1 Securechange | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1 | |||||
| CVE-2020-13116 | 1 Carbonite | 1 Server Backup Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation. | |||||
| CVE-2020-13094 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr before 11.0.4 allows XSS. | |||||
| CVE-2020-12882 | 1 Rcos | 1 Submitty | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. | |||||
| CVE-2020-12869 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| RainbowFish PacsOne Server 6.8.4 allows XSS. | |||||
| CVE-2020-12853 | 1 Pydio | 1 Cells | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells. | |||||
| CVE-2020-12849 | 1 Pydio | 1 Cells | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user. | |||||
| CVE-2020-12817 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. | |||||
| CVE-2020-12816 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. | |||||
| CVE-2020-12815 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | |||||
| CVE-2020-12814 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. | |||||
| CVE-2020-12811 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. | |||||
| CVE-2020-12779 | 1 Combodo | 1 Itop | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
| Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. | |||||
| CVE-2020-12778 | 1 Combodo | 1 Itop | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. | |||||
| CVE-2020-12759 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. | |||||
| CVE-2020-12718 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle. | |||||
| CVE-2020-12708 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043. | |||||