Export limit exceeded: 45493 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45493 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24692 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 7.1 High |
| The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | ||||
| CVE-2020-24670 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
| The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | ||||
| CVE-2020-24669 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
| The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. | ||||
| CVE-2020-24668 | 1 Tracefinancial | 1 Crestbridge | 2024-11-21 | 5.4 Medium |
| Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | ||||
| CVE-2020-24666 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
| The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1 | ||||
| CVE-2020-24664 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
| The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | ||||
| CVE-2020-24663 | 1 Tracefinanacial | 1 Crestbridge | 2024-11-21 | 5.4 Medium |
| Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | ||||
| CVE-2020-24662 | 1 Smartstream | 1 Transaction Lifecycle Management Reconciliations-premium | 2024-11-21 | 5.4 Medium |
| SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0. | ||||
| CVE-2020-24627 | 1 Hpe | 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware | 2024-11-21 | 5.4 Medium |
| A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | ||||
| CVE-2020-24620 | 1 Unisys | 1 Stealth | 2024-11-21 | 7.8 High |
| Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials. | ||||
| CVE-2020-24609 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 6.1 Medium |
| TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload. | ||||
| CVE-2020-24604 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 6.1 Medium |
| A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp | ||||
| CVE-2020-24602 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 6.1 Medium |
| Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page | ||||
| CVE-2020-24601 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 6.1 Medium |
| In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page | ||||
| CVE-2020-24599 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. | ||||
| CVE-2020-24594 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 9.6 Critical |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | ||||
| CVE-2020-24582 | 1 Zulipchat | 1 Zulip Desktop | 2024-11-21 | 6.1 Medium |
| Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. | ||||
| CVE-2020-24574 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
| The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism. | ||||
| CVE-2020-24553 | 5 Fedoraproject, Golang, Opensuse and 2 more | 6 Fedora, Go, Leap and 3 more | 2024-11-21 | 6.1 Medium |
| Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | ||||
| CVE-2020-24445 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 9 Critical |
| AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||