Export limit exceeded: 45469 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45469 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14018 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field. | ||||
| CVE-2020-14014 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS. | ||||
| CVE-2020-14012 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 5.4 Medium |
| scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent. | ||||
| CVE-2020-14010 | 1 Laborator | 1 Xenon | 2024-11-21 | 6.1 Medium |
| The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. | ||||
| CVE-2020-14007 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-11-21 | 5.4 Medium |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. | ||||
| CVE-2020-14006 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-11-21 | 5.4 Medium |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. | ||||
| CVE-2020-13992 | 1 Mods-for-hesk | 1 Mods For Hesk | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket. | ||||
| CVE-2020-13980 | 1 Opencart | 1 Opencart | 2024-11-21 | 4.8 Medium |
| OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin. | ||||
| CVE-2020-13973 | 1 Owasp | 1 Json-sanitizer | 2024-11-21 | 6.1 Medium |
| OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript. | ||||
| CVE-2020-13972 | 1 Enghouse | 1 Web Chat | 2024-11-21 | 6.1 Medium |
| Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951. | ||||
| CVE-2020-13971 | 1 Shopware | 1 Shopware | 2024-11-21 | 5.4 Medium |
| In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication. | ||||
| CVE-2020-13969 | 1 Crk | 1 Business Platform | 2024-11-21 | 6.1 Medium |
| CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent. | ||||
| CVE-2020-13964 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | ||||
| CVE-2020-13963 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 9.8 Critical |
| SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). | ||||
| CVE-2020-13947 | 2 Apache, Oracle | 3 Activemq, Communications Session Report Manager, Communications Session Route Manager | 2024-11-21 | 6.1 Medium |
| An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | ||||
| CVE-2020-13944 | 1 Apache | 1 Airflow | 2024-11-21 | 6.1 Medium |
| In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. | ||||
| CVE-2020-13932 | 2 Apache, Redhat | 2 Activemq Artemis, Amq Broker | 2024-11-21 | 6.1 Medium |
| In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section. | ||||
| CVE-2020-13928 | 1 Apache | 1 Atlas | 2024-11-21 | 6.1 Medium |
| Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability. | ||||
| CVE-2020-13913 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 6.1 Medium |
| An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | ||||
| CVE-2020-13911 | 1 Your Online Shop Project | 1 Your Online Shop | 2024-11-21 | 5.4 Medium |
| Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation. | ||||