Total
41123 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12708 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043. | ||||
| CVE-2020-12707 | 1 Lepton-cms | 1 Lepton Cms | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements. | ||||
| CVE-2020-12706 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php | ||||
| CVE-2020-12705 | 1 Lepton-cms | 1 Leptoncms | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. | ||||
| CVE-2020-12704 | 1 Ulicms | 1 Ulicms | 2024-11-21 | 6.1 Medium |
| UliCMS before 2020.2 has PageController stored XSS. | ||||
| CVE-2020-12703 | 1 Ulicms | 1 Ulicms | 2024-11-21 | 6.1 Medium |
| UliCMS before 2020.2 has XSS during PackageController uninstall. | ||||
| CVE-2020-12696 | 1 Iframe Project | 1 Iframe | 2024-11-21 | 6.1 Medium |
| The iframe plugin before 4.5 for WordPress does not sanitize a URL. | ||||
| CVE-2020-12685 | 1 Redhat | 1 Interchange | 2024-11-21 | 6.1 Medium |
| XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. | ||||
| CVE-2020-12683 | 1 Katyshop2 Project | 1 Katyshop2 | 2024-11-21 | 5.4 Medium |
| Katyshop2 before 2.12 has multiple stored XSS issues. | ||||
| CVE-2020-12679 | 1 Mitel | 2 Mivoice Connect, Shoretel Conference Web | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php. | ||||
| CVE-2020-12677 | 1 Progress | 1 Moveit Automation | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2. | ||||
| CVE-2020-12670 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.1 Medium |
| XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email. | ||||
| CVE-2020-12648 | 1 Tiny | 1 Tinymce | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. | ||||
| CVE-2020-12646 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.4 Medium |
| OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. | ||||
| CVE-2020-12639 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.1 Medium |
| phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | ||||
| CVE-2020-12635 | 1 Mageme | 1 Webforms Pro M2 | 2024-11-21 | 6.1 Medium |
| XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. | ||||
| CVE-2020-12629 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 5.4 Medium |
| include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. | ||||
| CVE-2020-12625 | 3 Debian, Opensuse, Roundcube | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | ||||
| CVE-2020-12530 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 4.3 Medium |
| An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter. | ||||
| CVE-2020-12517 | 1 Phoenixcontact | 7 Axc F 1152, Axc F 2152, Axc F 2152 Starterkit and 4 more | 2024-11-21 | 8.8 High |
| On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation). | ||||