Search Results (45595 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14424 | 1 Cacti | 1 Cacti | 2024-11-21 | 6.1 Medium |
| Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. | ||||
| CVE-2020-14413 | 1 Nedi | 1 Nedi | 2024-11-21 | 6.1 Medium |
| NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. | ||||
| CVE-2020-14408 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector. | ||||
| CVE-2020-14333 | 2 Ovirt, Redhat | 2 Ovirt-engine, Rhev Manager | 2024-11-21 | 6.3 Medium |
| A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context. | ||||
| CVE-2020-14320 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.1 Medium |
| In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. | ||||
| CVE-2020-14294 | 1 Secudos | 1 Qiata Fta | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board. | ||||
| CVE-2020-14271 | 1 Hcltech | 1 Hcl Inotes | 2024-11-21 | 6.1 Medium |
| HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | ||||
| CVE-2020-14240 | 1 Hcltech | 1 Notes | 2024-11-21 | 6.1 Medium |
| HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 are susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | ||||
| CVE-2020-14223 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 6.1 Medium |
| HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. | ||||
| CVE-2020-14222 | 1 Hcltech | 1 Hcl Digital Experience | 2024-11-21 | 6.1 Medium |
| HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | ||||
| CVE-2020-14210 | 1 Monitorapp | 2 Application Insight Web Application, Web Application Firewall | 2024-11-21 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to respond to Request URL information when blocking. | ||||
| CVE-2020-14208 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.4 Medium |
| SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. | ||||
| CVE-2020-14206 | 1 Divebook Project | 1 Divebook | 2024-11-21 | 6.1 Medium |
| The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). | ||||
| CVE-2020-14202 | 1 Ibi | 1 Webfocus Business Intelligence | 2024-11-21 | 6.1 Medium |
| WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. | ||||
| CVE-2020-14184 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 5.4 Medium |
| Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. | ||||
| CVE-2020-14175 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 5.4 Medium |
| Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2. | ||||
| CVE-2020-14173 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.4 Medium |
| The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | ||||
| CVE-2020-14169 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 6.1 Medium |
| The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-14166 | 1 Atlassian | 1 Jira Service Desk | 2024-11-21 | 4.8 Medium |
| The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by uploading an HTML file. | ||||
| CVE-2020-14164 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 6.1 Medium |
| The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by pasting JavaScript code into the editor field. | ||||