Total
41944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5557 | 1 Cutephp | 1 Cutenews | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-5552 | 1 Mailform | 1 Mailform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-5540 | 1 Cybersolutions | 1 Cybermail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL. | |||||
| CVE-2020-5533 | 1 Nec | 2 Aterm Wg2600hs, Aterm Wg2600hs Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-5528 | 1 Sixapart | 1 Movable Type | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL. | |||||
| CVE-2020-5497 | 1 Mitreid | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript. | |||||
| CVE-2020-5398 | 3 Netapp, Oracle, Vmware | 33 Data Availability Services, Snapcenter, Application Testing Suite and 30 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | |||||
| CVE-2020-5393 | 1 Appspace | 1 On-prem | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS. | |||||
| CVE-2020-5392 | 1 Auth0 | 1 Wp-auth0 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. | |||||
| CVE-2020-5346 | 1 Emc | 1 Rsa Authentication Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser. | |||||
| CVE-2020-5340 | 1 Emc | 1 Rsa Authentication Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser. | |||||
| CVE-2020-5339 | 1 Emc | 1 Rsa Authentication Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser. | |||||
| CVE-2020-5336 | 1 Rsa | 1 Archer | 2024-11-21 | 5.8 MEDIUM | 4.6 MEDIUM |
| RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system. | |||||
| CVE-2020-5334 | 1 Rsa | 1 Archer | 2024-11-21 | 4.3 MEDIUM | 8.2 HIGH |
| RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2020-5317 | 1 Dell | 1 Emc Elastic Cloud Storage | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2020-5308 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. | |||||
| CVE-2020-5306 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. | |||||
| CVE-2020-5305 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. | |||||
| CVE-2020-5298 | 1 Octobercms | 1 October | 2024-11-21 | 3.5 LOW | 4.0 MEDIUM |
| In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466). | |||||
| CVE-2020-5294 | 1 Prestashop | 1 Prestashop Socialfollow | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0 | |||||