Total
41118 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11779 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11778 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11777 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11776 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11775 | 1 Netgear | 34 D7800, D7800 Firmware, R7500 and 31 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11774 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11773 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11772 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11771 | 1 Netgear | 16 D7800, D7800 Firmware, R7500 and 13 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11769 | 1 Netgear | 32 D7800, D7800 Firmware, R7500 and 29 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11768 | 1 Netgear | 34 D7800, D7800 Firmware, R7500 and 31 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11749 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 9.0 Critical |
| Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. | ||||
| CVE-2020-11737 | 1 Zimbra | 1 Zimbra | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2. | ||||
| CVE-2020-11734 | 1 Cybersolutions | 1 Cybermail | 2024-11-21 | 6.1 Medium |
| cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the ACTION parameter. | ||||
| CVE-2020-11731 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-21 | 6.1 Medium |
| The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. | ||||
| CVE-2020-11727 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. | ||||
| CVE-2020-11714 | 1 Etentech | 2 Psg-6528vm, Psg-6528vm Firmware | 2024-11-21 | 5.4 Medium |
| eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location. | ||||
| CVE-2020-11712 | 1 Open Upload Project | 1 Open Upload | 2024-11-21 | 6.1 Medium |
| Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field. | ||||
| CVE-2020-11711 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 4.8 Medium |
| An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form. | ||||
| CVE-2020-11704 | 1 Provideserver | 1 Provide Ftp Server | 2024-11-21 | 6.1 Medium |
| An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter. | ||||