Total
41255 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9740 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 9 Critical |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | ||||
| CVE-2020-9738 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.8 Medium |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when visiting the page containing the vulnerable field. | ||||
| CVE-2020-9737 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.8 Medium |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | ||||
| CVE-2020-9736 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.8 Medium |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field. | ||||
| CVE-2020-9735 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.8 Medium |
| AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field. | ||||
| CVE-2020-9734 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 9 Critical |
| The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | ||||
| CVE-2020-9732 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2024-11-21 | 9 Critical |
| The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | ||||
| CVE-2020-9691 | 1 Magento | 1 Magento | 2024-11-21 | 9.6 Critical |
| Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2020-9665 | 1 Magento | 1 Magento | 2024-11-21 | 6.1 Medium |
| Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2020-9651 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | ||||
| CVE-2020-9648 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | ||||
| CVE-2020-9647 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | ||||
| CVE-2020-9644 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | ||||
| CVE-2020-9584 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2020-9581 | 1 Magento | 1 Magento | 2024-11-21 | 6.1 Medium |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2020-9577 | 1 Magento | 1 Magento | 2024-11-21 | 6.1 Medium |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure . | ||||
| CVE-2020-9524 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-11-21 | 5.4 Medium |
| Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). | ||||
| CVE-2020-9522 | 1 Microfocus | 1 Arcsight Enterprise Security Manager Express | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | ||||
| CVE-2020-9520 | 1 Microfocus | 1 Vibe | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser. | ||||
| CVE-2020-9496 | 1 Apache | 1 Ofbiz | 2024-11-21 | 6.1 Medium |
| XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 | ||||