Total
41117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10935 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 5.4 Medium |
| Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. | ||||
| CVE-2020-10821 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.8 Medium |
| Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. | ||||
| CVE-2020-10820 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.8 Medium |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. | ||||
| CVE-2020-10819 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.8 Medium |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | ||||
| CVE-2020-10803 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Backports Sle and 4 more | 2024-11-21 | 5.4 Medium |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. | ||||
| CVE-2020-10797 | 1 Netgate | 1 Pfsense | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed. | ||||
| CVE-2020-10790 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 5.4 Medium |
| openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. | ||||
| CVE-2020-10777 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-11-21 | 5.4 Medium |
| A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. | ||||
| CVE-2020-10776 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Red Hat Single Sign On | 2024-11-21 | 4.8 Medium |
| A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. | ||||
| CVE-2020-10748 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Single Sign-on | 2024-11-21 | 6.1 Medium |
| A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks. | ||||
| CVE-2020-10688 | 1 Redhat | 7 Enterprise Linux, Fuse, Jboss Enterprise Application Platform and 4 more | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. | ||||
| CVE-2020-10681 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. | ||||
| CVE-2020-10670 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2024-11-21 | 6.1 Medium |
| The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version. | ||||
| CVE-2020-10668 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2024-11-21 | 6.1 Medium |
| The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version. | ||||
| CVE-2020-10667 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2024-11-21 | 6.1 Medium |
| The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version. | ||||
| CVE-2020-10643 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 6.5 Medium |
| An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. | ||||
| CVE-2020-10633 | 1 Hms-networks | 4 Ewon Cosy, Ewon Cosy Firmware, Ewon Flexy and 1 more | 2024-11-21 | 6.1 Medium |
| A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful. | ||||
| CVE-2020-10630 | 1 Sae-it | 2 Net-line Fw-50, Net-line Fw-50 Firmware | 2024-11-21 | 6.1 Medium |
| SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users. | ||||
| CVE-2020-10614 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 4.8 Medium |
| In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display. | ||||
| CVE-2020-10596 | 1 Opencart | 1 Opencart | 2024-11-21 | 5.4 Medium |
| OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section. | ||||