Export limit exceeded: 14123 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45606 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45606 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13258 | 1 Contentful | 1 Python Example | 2024-11-21 | 6.1 Medium |
| Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. | ||||
| CVE-2020-13248 | 1 Boolebox | 1 Boolebox | 2024-11-21 | 5.4 Medium |
| BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx. | ||||
| CVE-2020-13239 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS. | ||||
| CVE-2020-13228 | 1 Sysax | 1 Multi Server | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter. | ||||
| CVE-2020-13225 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 4.8 Medium |
| phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. | ||||
| CVE-2020-13183 | 1 Teradici | 1 Pcoip Management Console | 2024-11-21 | 6.1 Medium |
| Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload. | ||||
| CVE-2020-13176 | 1 Teradici | 2 Cloud Access Connector, Cloud Access Connector Legacy | 2024-11-21 | 6.1 Medium |
| The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application. | ||||
| CVE-2020-13169 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 9.0 Critical |
| Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account). | ||||
| CVE-2020-13168 | 1 Sysaid | 2 Sysaid On-premises, Sysaidsy On-premises | 2024-11-21 | 6.1 Medium |
| SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. | ||||
| CVE-2020-13166 | 1 Mylittletools | 1 Mylittleadmin | 2024-11-21 | 9.8 Critical |
| The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. | ||||
| CVE-2020-13153 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. | ||||
| CVE-2020-13145 | 1 Edx | 1 Open Edx Platform | 2024-11-21 | 5.4 Medium |
| Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS. | ||||
| CVE-2020-13134 | 1 Tufin | 1 Securechange | 2024-11-21 | 4.8 Medium |
| Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1. | ||||
| CVE-2020-13133 | 1 Tufin | 1 Securechange | 2024-11-21 | 6.1 Medium |
| Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1 | ||||
| CVE-2020-13116 | 1 Carbonite | 1 Server Backup Portal | 2024-11-21 | 5.4 Medium |
| OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation. | ||||
| CVE-2020-13094 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 5.4 Medium |
| Dolibarr before 11.0.4 allows XSS. | ||||
| CVE-2020-12882 | 1 Rcos | 1 Submitty | 2024-11-21 | 5.4 Medium |
| Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. | ||||
| CVE-2020-12869 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 5.4 Medium |
| RainbowFish PacsOne Server 6.8.4 allows XSS. | ||||
| CVE-2020-12853 | 1 Pydio | 1 Cells | 2024-11-21 | 6.1 Medium |
| Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells. | ||||
| CVE-2020-12849 | 1 Pydio | 1 Cells | 2024-11-21 | 5.4 Medium |
| Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user. | ||||