Total
41197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36397 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | ||||
| CVE-2020-36396 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | ||||
| CVE-2020-36395 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | ||||
| CVE-2020-36384 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 6.1 Medium |
| PageLayer before 1.3.5 allows reflected XSS via color settings. | ||||
| CVE-2020-36383 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 6.1 Medium |
| PageLayer before 1.3.5 allows reflected XSS via the font-size parameter. | ||||
| CVE-2020-36324 | 1 Wikimedia | 1 Analytics-quarry-web | 2024-11-21 | 6.1 Medium |
| Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. | ||||
| CVE-2020-36307 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 6.1 Medium |
| Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | ||||
| CVE-2020-36306 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 6.1 Medium |
| Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | ||||
| CVE-2020-36290 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 5.4 Medium |
| The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality. | ||||
| CVE-2020-36288 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 6.1 Medium |
| The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. | ||||
| CVE-2020-36236 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 6.1 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | ||||
| CVE-2020-36234 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.8 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | ||||
| CVE-2020-36202 | 1 Rust-lang | 1 Async-h1 | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy. | ||||
| CVE-2020-36196 | 1 Qnap | 1 Qulog Center | 2024-11-21 | 6.1 Medium |
| A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. | ||||
| CVE-2020-36194 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. | ||||
| CVE-2020-36190 | 1 Rails Admin Project | 1 Rails Admin | 2024-11-21 | 6.1 Medium |
| RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms. | ||||
| CVE-2020-36172 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | 6.1 Medium |
| The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. | ||||
| CVE-2020-36171 | 1 Elementor | 1 Website Builder | 2024-11-21 | 6.1 Medium |
| The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. | ||||
| CVE-2020-36139 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 5.4 Medium |
| BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter. | ||||
| CVE-2020-36115 | 2 Egavilanmedia, Microsoft | 2 Phpcrud, Windows | 2024-11-21 | 5.4 Medium |
| Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'. | ||||