Total
41779 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13480 | 1 Verint | 1 Workforce Optimization | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature. | |||||
| CVE-2020-13476 | 1 Nchsoftware | 1 Express Invoice | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. | |||||
| CVE-2020-13459 | 1 Verbb | 1 Image Resizer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action. | |||||
| CVE-2020-13430 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | |||||
| CVE-2020-13429 | 1 Grafana | 1 Piechart-panel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. | |||||
| CVE-2020-13427 | 1 Victorcms Project | 1 Victorcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter. | |||||
| CVE-2020-13423 | 1 Form Builder For Magento 2 Project | 1 Form Builder For Magento 2 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. | |||||
| CVE-2020-13418 | 1 Openiam | 1 Openiam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. | |||||
| CVE-2020-13409 | 1 Tufin | 1 Securetrack | 2024-11-21 | 2.3 LOW | 5.9 MEDIUM |
| Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3) | |||||
| CVE-2020-13408 | 1 Tufin | 1 Securetrack | 2024-11-21 | 2.3 LOW | 5.9 MEDIUM |
| Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 2 of 3) | |||||
| CVE-2020-13407 | 1 Tufin | 1 Securetrack | 2024-11-21 | 2.3 LOW | 5.9 MEDIUM |
| Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 1 of 3) | |||||
| CVE-2020-13345 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes | |||||
| CVE-2020-13340 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
| An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | |||||
| CVE-2020-13339 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.0 MEDIUM | 5.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted. | |||||
| CVE-2020-13338 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references. | |||||
| CVE-2020-13337 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 7.2 HIGH |
| An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name. | |||||
| CVE-2020-13336 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.0 MEDIUM |
| An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature. | |||||
| CVE-2020-13331 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges. | |||||
| CVE-2020-13330 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.4 MEDIUM |
| An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature. | |||||
| CVE-2020-13329 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature. | |||||