Export limit exceeded: 45683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347776 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45683 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5785 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 6.1 Medium |
| Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter. | ||||
| CVE-2020-5781 | 1 Ignitenet | 1 Helios Glinq | 2024-11-21 | 4.3 Medium |
| In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users. | ||||
| CVE-2020-5769 | 1 Teltonika-networks | 2 Gateway Trb245, Gateway Trb245 Firmware | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section. | ||||
| CVE-2020-5765 | 1 Tenable | 1 Nessus | 2024-11-21 | 5.4 Medium |
| Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0. | ||||
| CVE-2020-5751 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | ||||
| CVE-2020-5750 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 6.1 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | ||||
| CVE-2020-5749 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | ||||
| CVE-2020-5748 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 6.1 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | ||||
| CVE-2020-5747 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | ||||
| CVE-2020-5746 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | ||||
| CVE-2020-5737 | 1 Tenable | 1 Tenable.sc | 2024-11-21 | 5.4 Medium |
| Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue. | ||||
| CVE-2020-5731 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 6.1 Medium |
| In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | ||||
| CVE-2020-5730 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 6.1 Medium |
| In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | ||||
| CVE-2020-5729 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 6.1 Medium |
| In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue. | ||||
| CVE-2020-5728 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 6.1 Medium |
| OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting. | ||||
| CVE-2020-5678 | 1 Weseek | 1 Growi | 2024-11-21 | 6.1 Medium |
| Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | ||||
| CVE-2020-5677 | 1 Weseek | 1 Growi | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | ||||
| CVE-2020-5669 | 1 Sixapart | 1 Movable Type | 2024-11-21 | 5.4 Medium |
| Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2020-5667 | 1 Wantedlyinc | 1 Studyplus | 2024-11-21 | 5.5 Medium |
| Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | ||||
| CVE-2020-5663 | 1 Riken | 1 Xoonips | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | ||||