Total
41137 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13972 | 1 Enghouse | 1 Web Chat | 2024-11-21 | 6.1 Medium |
| Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951. | ||||
| CVE-2020-13971 | 1 Shopware | 1 Shopware | 2024-11-21 | 5.4 Medium |
| In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication. | ||||
| CVE-2020-13969 | 1 Crk | 1 Business Platform | 2024-11-21 | 6.1 Medium |
| CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent. | ||||
| CVE-2020-13964 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | ||||
| CVE-2020-13947 | 2 Apache, Oracle | 3 Activemq, Communications Session Report Manager, Communications Session Route Manager | 2024-11-21 | 6.1 Medium |
| An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | ||||
| CVE-2020-13944 | 1 Apache | 1 Airflow | 2024-11-21 | 6.1 Medium |
| In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. | ||||
| CVE-2020-13932 | 2 Apache, Redhat | 2 Activemq Artemis, Amq Broker | 2024-11-21 | 6.1 Medium |
| In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section. | ||||
| CVE-2020-13928 | 1 Apache | 1 Atlas | 2024-11-21 | 6.1 Medium |
| Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability. | ||||
| CVE-2020-13913 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 6.1 Medium |
| An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | ||||
| CVE-2020-13911 | 1 Your Online Shop Project | 1 Your Online Shop | 2024-11-21 | 5.4 Medium |
| Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation. | ||||
| CVE-2020-13897 | 1 Hesk | 1 Hesk | 2024-11-21 | 6.1 Medium |
| HESK before 3.1.10 allows reflected XSS. | ||||
| CVE-2020-13893 | 1 Sage | 1 Easypay | 2024-11-21 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E). | ||||
| CVE-2020-13892 | 1 Themeboy | 1 Sportspress | 2024-11-21 | 5.4 Medium |
| The SportsPress plugin before 2.7.2 for WordPress allows XSS. | ||||
| CVE-2020-13890 | 1 Laborator | 1 Neon | 2024-11-21 | 5.4 Medium |
| The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. | ||||
| CVE-2020-13889 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium |
| showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | ||||
| CVE-2020-13888 | 1 Kordil Edms Project | 1 Kordil Edms | 2024-11-21 | 5.4 Medium |
| Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. | ||||
| CVE-2020-13870 | 1 Verbb | 1 Comments | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. | ||||
| CVE-2020-13869 | 1 Verbb | 1 Comments | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. | ||||
| CVE-2020-13865 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 5.4 Medium |
| The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. | ||||
| CVE-2020-13864 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 5.4 Medium |
| The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. | ||||