Total
44121 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15907 | 1 Mahara | 1 Mahara | 2024-11-21 | 6.1 Medium |
| In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript. | ||||
| CVE-2020-15902 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. | ||||
| CVE-2020-15895 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage. | ||||
| CVE-2020-15885 | 1 Munkireport Project | 1 Comment | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment. | ||||
| CVE-2020-15883 | 1 Managedinstalls Project | 1 Managedinstalls | 2024-11-21 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported). | ||||
| CVE-2020-15881 | 1 Munki Facts Project | 1 Munki Facts | 2024-11-21 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name. | ||||
| CVE-2020-15870 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2024-11-21 | 6.1 Medium |
| Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). | ||||
| CVE-2020-15869 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2024-11-21 | 5.4 Medium |
| Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). | ||||
| CVE-2020-15864 | 1 Quali | 1 Cloudshell | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page. | ||||
| CVE-2020-15855 | 1 Redhat | 1 Bodhi | 2024-11-21 | 6.1 Medium |
| Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | ||||
| CVE-2020-15831 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. | ||||
| CVE-2020-15830 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. | ||||
| CVE-2020-15803 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports and 2 more | 2024-11-21 | 6.1 Medium |
| Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. | ||||
| CVE-2020-15788 | 1 Siemens | 1 Polarion Subversion Webclient | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code. | ||||
| CVE-2020-15781 | 1 Siemens | 2 Sicam A8000, Sicam A8000 Firmware | 2024-11-21 | 9.6 Critical |
| A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application. | ||||
| CVE-2020-15769 | 1 Gradle | 1 Enterprise | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL. | ||||
| CVE-2020-15721 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 6.1 Medium |
| RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. | ||||
| CVE-2020-15717 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 6.1 Medium |
| RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL. | ||||
| CVE-2020-15696 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image. | ||||
| CVE-2020-15676 | 4 Debian, Mozilla, Opensuse and 1 more | 8 Debian Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 6.1 Medium |
| Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | ||||