Search Results (44624 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8031 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 6.3 Medium |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8. | ||||
| CVE-2020-8020 | 2 Debian, Opensuse | 2 Debian Linux, Open Build Service | 2024-11-21 | 6.5 Medium |
| An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb. | ||||
| CVE-2020-8001 | 1 Intelliantech | 1 Aptus | 2024-11-21 | 9.8 Critical |
| The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. | ||||
| CVE-2020-8000 | 1 Intelliantech | 1 Aptus Web | 2024-11-21 | 9.8 Critical |
| Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. | ||||
| CVE-2020-7999 | 1 Intelliantech | 1 Aptus | 2024-11-21 | 9.8 Critical |
| The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. | ||||
| CVE-2020-7997 | 1 Asus | 2 Rt-ac66u, Rt-ac66u Firmware | 2024-11-21 | 6.1 Medium |
| ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. | ||||
| CVE-2020-7996 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 6.1 Medium |
| htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header. | ||||
| CVE-2020-7994 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page. | ||||
| CVE-2020-7990 | 1 Adive | 1 Framework | 2024-11-21 | 6.1 Medium |
| Adive Framework 2.0.8 has admin/user/add userName XSS. | ||||
| CVE-2020-7989 | 1 Adive | 1 Framework | 2024-11-21 | 6.1 Medium |
| Adive Framework 2.0.8 has admin/user/add userUsername XSS. | ||||
| CVE-2020-7973 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.1 Medium |
| GitLab through 12.7.2 allows XSS. | ||||
| CVE-2020-7971 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.1 Medium |
| GitLab EE 11.0 and later through 12.7.2 allows XSS. | ||||
| CVE-2020-7937 | 1 Plone | 1 Plone | 2024-11-21 | 5.4 Medium |
| An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. | ||||
| CVE-2020-7934 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 5.4 Medium |
| In Liferay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1. | ||||
| CVE-2020-7915 | 1 Eaton | 2 5p 850, 5p 850 Firmware | 2024-11-21 | 4.8 Medium |
| An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator. | ||||
| CVE-2020-7913 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.1 Medium |
| JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. | ||||
| CVE-2020-7911 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. | ||||
| CVE-2020-7910 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.4 Medium |
| JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. | ||||
| CVE-2020-7846 | 1 Cnesty | 1 Helpcom | 2024-11-21 | 8 High |
| Helpcom before v10.0 contains a file download and execution vulnerability caused by storing a hardcoded cryptographic key. It ultimately leads to file download and execution via access to a crafted web page. | ||||
| CVE-2020-7809 | 1 Altools | 1 Alsong | 2024-11-21 | 4.4 Medium |
| ALSong 3.46 and earlier versions contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim into opening an ALSong Album (sab) file. | ||||