Search Results (44696 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20141 | 1 Flexmonster | 1 Pivot Table & Charts | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. | ||||
| CVE-2020-20140 | 1 Flexmonster | 1 Pivot Table & Charts | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17. | ||||
| CVE-2020-20139 | 1 Flexmonster | 1 Pivot Table & Charts | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. | ||||
| CVE-2020-20138 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. | ||||
| CVE-2020-20131 | 1 Laracms Project | 1 Laracms | 2024-11-21 | 5.4 Medium |
| LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module. | ||||
| CVE-2020-20129 | 1 Laracms Project | 1 Laracms | 2024-11-21 | 5.4 Medium |
| LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor. | ||||
| CVE-2020-20125 | 1 Earclink | 1 Espcms-p8 | 2024-11-21 | 6.1 Medium |
| EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php. | ||||
| CVE-2020-1949 | 1 Apache | 1 Sling Cms | 2024-11-21 | 6.1 Medium |
| Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. | ||||
| CVE-2020-1943 | 1 Apache | 1 Ofbiz | 2024-11-21 | 6.1 Medium |
| Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. | ||||
| CVE-2020-1941 | 2 Apache, Oracle | 7 Activemq, Communications Diameter Signaling Router, Communications Element Manager and 4 more | 2024-11-21 | 6.1 Medium |
| In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. | ||||
| CVE-2020-1933 | 2 Apache, Mozilla | 2 Nifi, Firefox | 2024-11-21 | 6.1 Medium |
| A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers. | ||||
| CVE-2020-1771 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.6 Medium |
| Attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | ||||
| CVE-2020-1766 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | 2 Low |
| Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | ||||
| CVE-2020-1764 | 2 Kiali, Redhat | 3 Kiali, Openshift Service Mesh, Service Mesh | 2024-11-21 | 8.6 High |
| A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | ||||
| CVE-2020-1760 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.8 Medium |
| A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. | ||||
| CVE-2020-1721 | 2 Dogtagpki, Redhat | 3 Dogtagpki, Enterprise Linux, Rhel Eus | 2024-11-21 | 6.1 Medium |
| A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. | ||||
| CVE-2020-1716 | 2 Ceph, Redhat | 2 Ceph-ansible, Ceph Storage | 2024-11-21 | 8.8 High |
| A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected. | ||||
| CVE-2020-1697 | 1 Redhat | 4 Jboss Single Sign On, Keycloak, Openshift Application Runtimes and 1 more | 2024-11-21 | 6.1 Medium |
| It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks. | ||||
| CVE-2020-1696 | 2 Dogtagpki, Redhat | 3 Dogtagpki, Certificate System, Certificate System Eus | 2024-11-21 | 4.6 Medium |
| A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code. | ||||
| CVE-2020-1691 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.4 Medium |
| In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. | ||||