Export limit exceeded: 45662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4198 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2024-11-21 | 5.4 Medium |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174909. | ||||
| CVE-2020-4196 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2024-11-21 | 5.4 Medium |
| IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174907. | ||||
| CVE-2020-4190 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 6.7 Medium |
| IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851. | ||||
| CVE-2020-4183 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 6.1 Medium |
| IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174739. | ||||
| CVE-2020-4182 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 6.1 Medium |
| IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174738. | ||||
| CVE-2020-4177 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 9.8 Critical |
| IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732. | ||||
| CVE-2020-4162 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.4 Medium |
| IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342. | ||||
| CVE-2020-4157 | 1 Ibm | 1 Qradar Network Security | 2024-11-21 | 7.5 High |
| IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337. | ||||
| CVE-2020-4153 | 1 Ibm | 1 Qradar Network Security | 2024-11-21 | 5.4 Medium |
| IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269. | ||||
| CVE-2020-4150 | 1 Ibm | 1 Security Siteprotector System | 2024-11-21 | 9.8 Critical |
| IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142. | ||||
| CVE-2020-4140 | 1 Ibm | 1 Security Siteprotector System | 2024-11-21 | 5.4 Medium |
| IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052. | ||||
| CVE-2020-4104 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 5.4 Medium |
| HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a. | ||||
| CVE-2020-4084 | 1 Hcltech | 1 Connections | 2024-11-21 | 5.4 Medium |
| HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2020-4082 | 1 Hcltech | 1 Connections | 2024-11-21 | 5.4 Medium |
| The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2020-4081 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 6.1 Medium |
| In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS). | ||||
| CVE-2020-4080 | 1 Hcltech | 1 Domino | 2024-11-21 | 6.1 Medium |
| HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | ||||
| CVE-2020-4070 | 1 W3c | 1 Css Validator | 2024-11-21 | 4.6 Medium |
| In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9. | ||||
| CVE-2020-4061 | 1 Octobercms | 1 October | 2024-11-21 | 3.7 Low |
| In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467. | ||||
| CVE-2020-4054 | 1 Sanitize Project | 1 Sanitize | 2024-11-21 | 7.3 High |
| In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1. | ||||
| CVE-2020-4052 | 1 Requarks | 1 Wiki.js | 2024-11-21 | 6.3 Medium |
| In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. This has been patched in 2.4.107. | ||||