Total
41247 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7011 | 1 Elastic | 1 Elastic App Search | 2024-11-21 | 6.1 Medium |
| Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim�s web browser. | ||||
| CVE-2020-7006 | 1 Systech | 4 Nds-5000, Nds-5000 Firmware, Nds\/5008rm and 1 more | 2024-11-21 | 8.4 High |
| Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. | ||||
| CVE-2020-6973 | 1 Digi | 3 Connectport Lts 32 Mei, Connectport Lts 32 Mei Bios, Connectport Lts 32 Mei Firmware | 2024-11-21 | 6.2 Medium |
| Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition. | ||||
| CVE-2020-6956 | 1 Pcs | 1 Dexicon Enterprise | 2024-11-21 | 6.1 Medium |
| PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_action.jsp. | ||||
| CVE-2020-6955 | 1 Cayintech | 2 Smp-pro4, Smp-pro4 Firmware | 2024-11-21 | 6.1 Medium |
| An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS. | ||||
| CVE-2020-6876 | 1 Zte | 1 Evdc | 2024-11-21 | 5.4 Medium |
| A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04 | ||||
| CVE-2020-6872 | 1 Zte | 6 R5300g4, R5300g4 Firmware, R5500g4 and 3 more | 2024-11-21 | 6.1 Medium |
| The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>. | ||||
| CVE-2020-6854 | 1 Sos-berlin | 1 Jobscheduler | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API. | ||||
| CVE-2020-6850 | 1 Miniorange | 1 Saml Sp Single Sign On | 2024-11-21 | 6.1 Medium |
| Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. | ||||
| CVE-2020-6848 | 1 Axper | 2 Vision Ii, Vision Ii Firmware | 2024-11-21 | 6.1 Medium |
| Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. | ||||
| CVE-2020-6847 | 1 Opentrade Project | 1 Opentrade | 2024-11-21 | 5.4 Medium |
| OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. | ||||
| CVE-2020-6845 | 1 Topmanage | 1 Olk Webstore | 2024-11-21 | 6.1 Medium |
| An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack. | ||||
| CVE-2020-6843 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.8 Medium |
| Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. | ||||
| CVE-2020-6816 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2024-11-21 | 6.1 Medium |
| In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. | ||||
| CVE-2020-6804 | 1 Mozilla | 1 Webthings Gateway | 2024-11-21 | 8.8 High |
| A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system. | ||||
| CVE-2020-6802 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2024-11-21 | 6.1 Medium |
| In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. | ||||
| CVE-2020-6798 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 6.1 Medium |
| If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. | ||||
| CVE-2020-6777 | 1 Bosch | 4 Praesensa, Praesensa Firmware, Praesideo and 1 more | 2024-11-21 | 4.8 Medium |
| A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user. When the victim logs into the management interface, the stored script code is executed in the context of his browser. A successful exploit would allow an attacker to interact with the management interface with the privileges of the victim. However, as the attacker already needs admin privileges, there is no additional impact on the management interface itself. | ||||
| CVE-2020-6758 | 1 Rasilient | 2 Pixelstor 5000, Pixelstor 5000 Firmware | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows remote attackers to inject arbitrary web script or HTML via the ContentFrame parameter. | ||||
| CVE-2020-6753 | 1 Auth0 | 1 Login By Auth0 | 2024-11-21 | 6.1 Medium |
| The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. | ||||