Total
41130 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13633 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 6.1 Medium |
| Fork before 5.8.3 allows XSS via navigation_title or title. | ||||
| CVE-2020-13628 | 1 Centreon | 3 Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | ||||
| CVE-2020-13627 | 1 Centreon | 3 Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | ||||
| CVE-2020-13596 | 6 Canonical, Debian, Djangoproject and 3 more | 7 Ubuntu Linux, Debian Linux, Django and 4 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | ||||
| CVE-2020-13564 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 6.1 Medium |
| A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter. | ||||
| CVE-2020-13563 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 6.1 Medium |
| A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter. | ||||
| CVE-2020-13562 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 6.1 Medium |
| A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter. | ||||
| CVE-2020-13487 | 1 Bbpress | 1 Bbpress | 2024-11-21 | 4.8 Medium |
| The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI. | ||||
| CVE-2020-13483 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-21 | 6.1 Medium |
| The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. | ||||
| CVE-2020-13480 | 1 Verint | 1 Workforce Optimization | 2024-11-21 | 5.4 Medium |
| Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature. | ||||
| CVE-2020-13476 | 1 Nchsoftware | 1 Express Invoice | 2024-11-21 | 4.8 Medium |
| NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. | ||||
| CVE-2020-13459 | 1 Verbb | 1 Image Resizer | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action. | ||||
| CVE-2020-13430 | 2 Grafana, Redhat | 3 Grafana, Enterprise Linux, Service Mesh | 2024-11-21 | 6.1 Medium |
| Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | ||||
| CVE-2020-13429 | 1 Grafana | 1 Piechart-panel | 2024-11-21 | 5.4 Medium |
| legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. | ||||
| CVE-2020-13427 | 1 Victorcms Project | 1 Victorcms | 2024-11-21 | 6.1 Medium |
| Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter. | ||||
| CVE-2020-13423 | 1 Form Builder For Magento 2 Project | 1 Form Builder For Magento 2 | 2024-11-21 | 4.8 Medium |
| Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. | ||||
| CVE-2020-13418 | 1 Openiam | 1 Openiam | 2024-11-21 | 6.1 Medium |
| OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. | ||||
| CVE-2020-13409 | 1 Tufin | 1 Securetrack | 2024-11-21 | 5.9 Medium |
| Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3) | ||||
| CVE-2020-13408 | 1 Tufin | 1 Securetrack | 2024-11-21 | 5.9 Medium |
| Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 2 of 3) | ||||
| CVE-2020-13407 | 1 Tufin | 1 Securetrack | 2024-11-21 | 5.9 Medium |
| Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 1 of 3) | ||||