Search Results (44656 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13116 | 1 Carbonite | 1 Server Backup Portal | 2024-11-21 | 5.4 Medium |
| OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation. | ||||
| CVE-2020-13094 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 5.4 Medium |
| Dolibarr before 11.0.4 allows XSS. | ||||
| CVE-2020-12882 | 1 Rcos | 1 Submitty | 2024-11-21 | 5.4 Medium |
| Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. | ||||
| CVE-2020-12869 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 5.4 Medium |
| RainbowFish PacsOne Server 6.8.4 allows XSS. | ||||
| CVE-2020-12853 | 1 Pydio | 1 Cells | 2024-11-21 | 6.1 Medium |
| Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells. | ||||
| CVE-2020-12849 | 1 Pydio | 1 Cells | 2024-11-21 | 5.4 Medium |
| Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user. | ||||
| CVE-2020-12817 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-11-21 | 8.8 High |
| An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. | ||||
| CVE-2020-12816 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 6.1 Medium |
| An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. | ||||
| CVE-2020-12815 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-11-21 | 5.4 Medium |
| An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | ||||
| CVE-2020-12814 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | 4.1 Medium |
| An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. | ||||
| CVE-2020-12811 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 6.1 Medium |
| An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. | ||||
| CVE-2020-12789 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 7.5 High |
| The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | ||||
| CVE-2020-12779 | 1 Combodo | 1 Itop | 2024-11-21 | 6.8 Medium |
| Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. | ||||
| CVE-2020-12778 | 1 Combodo | 1 Itop | 2024-11-21 | 7.4 High |
| Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. | ||||
| CVE-2020-12759 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 6.1 Medium |
| Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. | ||||
| CVE-2020-12718 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle. | ||||
| CVE-2020-12708 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043. | ||||
| CVE-2020-12707 | 1 Lepton-cms | 1 Lepton Cms | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements. | ||||
| CVE-2020-12706 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php. | ||||
| CVE-2020-12705 | 1 Lepton-cms | 1 Leptoncms | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. | ||||