Total: 41756 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10395 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10394 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10393 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10392 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10391 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10388 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php). | |||||
| CVE-2020-10385 | 1 Wpforms | 1 Contact Form | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. | |||||
| CVE-2020-10372 | 1 Ramp | 1 Altimeter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI. | |||||
| CVE-2020-10247 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp. | |||||
| CVE-2020-10246 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp. | |||||
| CVE-2020-10242 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. | |||||
| CVE-2020-10227 | 1 Vtenext | 1 Vtenext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. | |||||
| CVE-2020-10203 | 1 Sonatype | 1 Nexus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Sonatype Nexus Repository before 3.21.2 allows XSS. | |||||
| CVE-2020-10192 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php. | |||||
| CVE-2020-10191 | 1 Munkireport Project | 1 Munkireport | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail. | |||||
| CVE-2020-10146 | 1 Microsoft | 1 Teams | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020. | |||||
| CVE-2020-10132 | 1 Searchblox | 1 Searchblox | 2024-11-21 | N/A | 6.1 MEDIUM |
| SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. | |||||
| CVE-2020-10128 | 1 Searchblox | 1 Searchblox | 2024-11-21 | N/A | 5.4 MEDIUM |
| SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validated properly, which allows an attacker to inject malicious JavaScript. | |||||
| CVE-2020-10114 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). | |||||
| CVE-2020-10113 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515). | |||||
