Search Results (45464 CVEs found)

Columns: CVE ID | number of affected vendors and their names | number of affected products and their names | last updated | CVSS v3.1 base score and severity. Each row is followed by the CVE description.
CVE-2020-12635 1 Mageme 1 Webforms Pro M2 2024-11-21 6.1 Medium
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field.
CVE-2020-12629 1 Enhancesoft 1 Osticket 2024-11-21 5.4 Medium
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVE-2020-12627 1 Janeczku 1 Calibre-web 2024-11-21 9.8 Critical
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.
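Why a hard-coded secret key amounts to an authentication bypass, as an added illustration that is not code from Calibre-Web or from the advisory: the session cookie is only as trustworthy as the key that signs it, and a key shipped in the repository is known to every attacker. The HMAC-signed cookie below is a simplified stand-in for whatever session signing the application actually uses, and the placeholder key is constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# The vulnerable pattern: a signing key baked into source, identical on every
# install. Constructed placeholder for the example, not the advisory's key.
HARDCODED_SECRET = b"example-key-shipped-in-the-repo"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(payload: dict, secret: bytes) -> str:
    """Serialise the session and append an HMAC-SHA256 tag computed under `secret`."""
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def load_session(cookie: str, secret: bytes):
    """Return the session payload if the tag verifies under `secret`, else None."""
    try:
        body, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(_unb64(body))


def forge_admin_cookie(known_secret: bytes) -> str:
    """What an attacker does once the key is public: mint a session for user 1
    without ever knowing a password. The server cannot tell it from a real one."""
    return sign_session({"user_id": 1, "role": "admin"}, known_secret)


def generate_instance_secret() -> bytes:
    """The fix: a per-installation random secret generated at install time and
    loaded from configuration or the environment, never committed to the code."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    forged = forge_admin_cookie(HARDCODED_SECRET)
    print("accepted under hard-coded key:", load_session(forged, HARDCODED_SECRET))
    print("accepted under per-instance key:", load_session(forged, generate_instance_secret()))
```

The same forged cookie is accepted by every deployment that shares the hard-coded key and rejected by one that generated its own; rotating the key also invalidates any cookies minted before the fix.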
CVE-2020-12625 3 Debian, Opensuse, Roundcube 4 Debian Linux, Backports Sle, Leap and 1 more 2024-11-21 6.1 Medium
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVE-2020-12530 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 4.3 Medium
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in redirect.php that allows an attacker to inject code via a GET parameter.
CVE-2020-12517 1 Phoenixcontact 7 Axc F 1152, Axc F 2152, Axc F 2152 Starterkit and 4 more 2024-11-21 8.8 High
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an authenticated low-privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
CVE-2020-12512 1 Pepperl-fuchs 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more 2024-11-21 7.5 High
Pepperl+Fuchs Comtrol IO-Link Master in version 1.5.48 and below is prone to an authenticated reflected POST cross-site scripting vulnerability.
CVE-2020-12501 2 Korenix, Pepperl-fuchs 52 Jetnet4510 Firmware, Jetnet4706 Firmware, Jetnet4706f Firmware and 49 more 2024-11-21 9.8 Critical
Improper Authorization vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, and ES9528/ES9528-XT (all versions): the devices use undocumented accounts.
CVE-2020-12472 1 Mono 1 Monox 2024-11-21 5.4 Medium
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.
CVE-2020-12438 1 Php-fusion 1 Php-fusion 2024-11-21 5.4 Medium
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.
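The blocklist failure described above, as an added example that is not PHP-Fusion's code: a filter that only strips SCRIPT tags leaves every other tag intact, so an attacker moves the JavaScript into an event-handler attribute. The fix is not a longer blocklist but output encoding for the context the value lands in. The payloads and the `render_banner` helper are constructed for the example.

```python
import html
import re

# Constructed payloads for illustration, not taken from the advisory.
SCRIPT_TAG_PAYLOAD = "<script>alert(1)</script>"
EVENT_HANDLER_PAYLOAD = '<img src=x onerror="alert(1)">'
AUTOFOCUS_PAYLOAD = "<input autofocus onfocus=alert(1)>"

_SCRIPT_TAG_RE = re.compile(r"<\s*/?\s*script[^>]*>", re.IGNORECASE)
_EVENT_HANDLER_RE = re.compile(r"<\w[^>]*\son\w+\s*=", re.IGNORECASE)


def strip_script_tags(untrusted: str) -> str:
    """The weak measure: a blocklist that removes only <script> tags.

    Everything that is not literally a script tag passes through, so inline
    event handlers (onerror, onload, onfocus, ...) still execute.
    """
    return _SCRIPT_TAG_RE.sub("", untrusted)


def escape_for_html(untrusted: str) -> str:
    """The fix: encode for the HTML text context.

    html.escape with quote=True turns <, >, &, " and ' into entities, so the
    browser sees text, never markup, whatever tag or attribute was smuggled in.
    """
    return html.escape(untrusted, quote=True)


def contains_active_markup(rendered: str) -> bool:
    """Rough check on the rendered page: is there a tag with an event handler,
    or a surviving script tag? Good enough to compare the two filters."""
    return bool(_EVENT_HANDLER_RE.search(rendered)) or bool(_SCRIPT_TAG_RE.search(rendered))


def render_banner(untrusted: str, hardened: bool) -> str:
    """Hypothetical banner template: the attacker-controlled value is placed
    inside a div, filtered either by the blocklist or by proper escaping."""
    sanitizer = escape_for_html if hardened else strip_script_tags
    return f'<div class="banner">{sanitizer(untrusted)}</div>'


if __name__ == "__main__":
    for payload in (SCRIPT_TAG_PAYLOAD, EVENT_HANDLER_PAYLOAD, AUTOFOCUS_PAYLOAD):
        weak = render_banner(payload, hardened=False)
        safe = render_banner(payload, hardened=True)
        print(f"blocklist: executes={contains_active_markup(weak)}  escaped: executes={contains_active_markup(safe)}")
```

Run against the three payloads, the blocklist stops only the first; the event-handler variants come through unchanged, while the escaped output carries no tags at all. Values that must be placed inside an attribute or a script block need encoding for that context instead, which is why a templating engine with context-aware auto-escaping beats hand-rolled filtering.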
CVE-2020-12432 1 Collaboraoffice 1 Collabora Online Development Edition 2024-11-21 6.1 Medium
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.
CVE-2020-12404 1 Mozilla 1 Firefox 2024-11-21 4.3 Medium
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.
CVE-2020-12376 1 Intel 48 Bmc Firmware, Hns2600bpb, Hns2600bpb24 and 45 more 2024-11-21 5.5 Medium
Use of a hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-12276 1 Gitlab 1 Gitlab 2024-11-21 4.8 Medium
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
CVE-2020-12262 1 Intelbras 6 Tip200, Tip200 Firmware, Tip200lite and 3 more 2024-11-21 5.4 Medium
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.
CVE-2020-12261 1 Opmantek 1 Open-audit 2024-11-21 5.4 Medium
Open-AudIT 3.3.0 allows an XSS attack after login.
CVE-2020-12259 1 Rconfig 1 Rconfig 2024-11-21 5.4 Medium
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.
CVE-2020-12256 1 Rconfig 1 Rconfig 2024-11-21 5.4 Medium
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.
CVE-2020-12245 2 Grafana, Redhat 4 Grafana, Enterprise Linux, Openshift and 1 more 2024-11-21 6.1 Medium
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
CVE-2020-12137 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 6.1 Medium
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.