Export limit exceeded: 347694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45666 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45666 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5838 | 1 Symantec | 1 It Analytics | 2024-11-21 | 4.8 Medium |
| Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. | ||||
| CVE-2020-5810 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload. | ||||
| CVE-2020-5809 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS. | ||||
| CVE-2020-5785 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 6.1 Medium |
| Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter. | ||||
| CVE-2020-5781 | 1 Ignitenet | 1 Helios Glinq | 2024-11-21 | 4.3 Medium |
| In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users. | ||||
| CVE-2020-5769 | 1 Teltonika-networks | 2 Gateway Trb245, Gateway Trb245 Firmware | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section. | ||||
| CVE-2020-5765 | 1 Tenable | 1 Nessus | 2024-11-21 | 5.4 Medium |
| Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0. | ||||
| CVE-2020-5751 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | ||||
| CVE-2020-5750 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 6.1 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | ||||
| CVE-2020-5749 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | ||||
| CVE-2020-5748 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 6.1 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | ||||
| CVE-2020-5747 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | ||||
| CVE-2020-5746 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | ||||
| CVE-2020-5737 | 1 Tenable | 1 Tenable.sc | 2024-11-21 | 5.4 Medium |
| Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue. | ||||
| CVE-2020-5731 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 6.1 Medium |
| In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | ||||
| CVE-2020-5730 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 6.1 Medium |
| In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | ||||
| CVE-2020-5729 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 6.1 Medium |
| In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue. | ||||
| CVE-2020-5728 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 6.1 Medium |
| OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting. | ||||
| CVE-2020-5678 | 1 Weseek | 1 Growi | 2024-11-21 | 6.1 Medium |
| Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | ||||
| CVE-2020-5677 | 1 Weseek | 1 Growi | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | ||||