Total: 41779 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14492 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| OpenClinic GA 5.09.02 and 5.89.05b do not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser. | |||||
| CVE-2020-14475 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). | |||||
| CVE-2020-14462 | 1 Mitre | 1 Caldera | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| CALDERA 2.7.0 allows XSS via the Operation Name box. | |||||
| CVE-2020-14445 | 1 Wso2 | 2 Identity Server, Identity Server As Key Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user interface. | |||||
| CVE-2020-14444 | 1 Wso2 | 2 Identity Server, Identity Server As Key Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface. | |||||
| CVE-2020-14424 | 1 Cacti | 1 Cacti | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. | |||||
| CVE-2020-14413 | 1 Nedi | 1 Nedi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. | |||||
| CVE-2020-14408 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector. | |||||
| CVE-2020-14333 | 1 Ovirt | 1 Ovirt-engine | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
| A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context. | |||||
| CVE-2020-14320 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.1 MEDIUM |
| In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. | |||||
| CVE-2020-14294 | 1 Secudos | 1 Qiata Fta | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board. | |||||
| CVE-2020-14271 | 1 Hcltech | 1 Hcl Inotes | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HCL iNotes v9, v10 and v11 are susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | |||||
| CVE-2020-14240 | 1 Hcltech | 1 Notes | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 are susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | |||||
| CVE-2020-14223 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. | |||||
| CVE-2020-14222 | 1 Hcltech | 1 Hcl Digital Experience | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | |||||
| CVE-2020-14210 | 1 Monitorapp | 2 Application Insight Web Application, Web Application Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to respond to Request URL information when blocking. | |||||
| CVE-2020-14208 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. | |||||
| CVE-2020-14206 | 1 Divebook Project | 1 Divebook | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). | |||||
| CVE-2020-14202 | 1 Ibi | 1 Webfocus Business Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. | |||||
| CVE-2020-14184 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. | |||||
