Total
41832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35569 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page. | |||||
| CVE-2020-35563 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page. | |||||
| CVE-2020-35542 | 1 Unisys | 1 Data Exchange Management Studio | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack. | |||||
| CVE-2020-35482 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. | |||||
| CVE-2020-35479 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later. | |||||
| CVE-2020-35478 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later. | |||||
| CVE-2020-35475 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.) | |||||
| CVE-2020-35474 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML. | |||||
| CVE-2020-35438 | 1 Kamalkhan | 1 Kk Star Ratings | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5. | |||||
| CVE-2020-35437 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. | |||||
| CVE-2020-35419 | 1 Group-office | 1 Group Office | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. | |||||
| CVE-2020-35418 | 1 Group-office | 1 Group Office | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. | |||||
| CVE-2020-35416 | 1 Onlineonly | 1 Phpjabbers Appointment Scheduler | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2020-35396 | 1 Egavilanmedia | 1 Barcodes Generator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website. | |||||
| CVE-2020-35395 | 1 Egavilanmedia | 1 Expense Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field | |||||
| CVE-2020-35373 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | |||||
| CVE-2020-35349 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). | |||||
| CVE-2020-35346 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | |||||
| CVE-2020-35328 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Courier Management System 1.0 - 'First Name' Stored XSS | |||||
| CVE-2020-35309 | 1 Bakeshop Online Ordering System Project | 1 Bakeshop Online Ordering System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories". | |||||