Total
41247 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7256 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 4.8 Medium |
| Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. | ||||
| CVE-2020-7249 | 1 Smc | 2 D3g0804, D3g0804 Firmware | 2024-11-21 | 4.8 Medium |
| SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account). | ||||
| CVE-2020-7239 | 1 Ibm | 1 Chatbot With Ibm Watson | 2024-11-21 | 6.1 Medium |
| The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent. | ||||
| CVE-2020-7236 | 1 Uhp | 2 Uhp-100, Uhp-100 Firmware | 2024-11-21 | 6.1 Medium |
| UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section). | ||||
| CVE-2020-7235 | 1 Uhp | 2 Uhp-100, Uhp-100 Firmware | 2024-11-21 | 6.1 Medium |
| UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title). | ||||
| CVE-2020-7234 | 1 Ruckuswireless | 2 R310, R310 Firmware | 2024-11-21 | 4.8 Medium |
| Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account). | ||||
| CVE-2020-7228 | 1 Codepeople | 1 Calculated Fields Form | 2024-11-21 | 5.4 Medium |
| The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. | ||||
| CVE-2020-7208 | 1 Hp | 1 Linuxki | 2024-11-21 | 6.1 Medium |
| LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. | ||||
| CVE-2020-7140 | 3 Hp, Microsoft, Redhat | 4 Icewall Sso Dfw, Icewall Sso Dgfw, Windows and 1 more | 2024-11-21 | 6.1 Medium |
| A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess | ||||
| CVE-2020-7132 | 1 Hp | 1 Onboard Administrator | 2024-11-21 | 5.4 Medium |
| A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows). | ||||
| CVE-2020-7110 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 4.8 Medium |
| ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | ||||
| CVE-2020-7108 | 1 Learndash | 1 Learndash | 2024-11-21 | 5.4 Medium |
| The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. | ||||
| CVE-2020-7107 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 6.1 Medium |
| The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. | ||||
| CVE-2020-7106 | 5 Cacti, Debian, Fedoraproject and 2 more | 8 Cacti, Debian Linux, Extra Packages For Enterprise Linux and 5 more | 2024-11-21 | 6.1 Medium |
| Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | ||||
| CVE-2020-7104 | 1 Kibokolabs | 1 Chained Quiz | 2024-11-21 | 6.1 Medium |
| The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. | ||||
| CVE-2020-7051 | 1 Codologic | 1 Codoforum | 2024-11-21 | 6.1 Medium |
| Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. | ||||
| CVE-2020-7050 | 1 Codologic | 1 Codoforum | 2024-11-21 | 5.4 Medium |
| Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. | ||||
| CVE-2020-7033 | 1 Avaya | 1 Equinox Conferencing | 2024-11-21 | 6.3 Medium |
| A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10. | ||||
| CVE-2020-7017 | 2 Elasticsearch, Oracle | 4 Kibana, Communications Billing And Revenue Management, Communications Cloud Native Core Network Function Cloud Native Environment and 1 more | 2024-11-21 | 6.7 Medium |
| In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization. | ||||
| CVE-2020-7015 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2024-11-21 | 5.4 Medium |
| Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization. | ||||