Export limit exceeded: 340856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44599 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44599 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4024 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.4 Medium |
| The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. | ||||
| CVE-2020-4023 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 5.4 Medium |
| The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. | ||||
| CVE-2020-4022 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 6.1 Medium |
| The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type. | ||||
| CVE-2020-4021 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.4 Medium |
| Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. | ||||
| CVE-2020-4013 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 5.4 Medium |
| The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | ||||
| CVE-2020-3997 | 1 Vmware | 1 Horizon | 2024-11-21 | 5.4 Medium |
| VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. | ||||
| CVE-2020-3975 | 1 Vmware | 1 App Volumes | 2024-11-21 | 5.4 Medium |
| VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing. | ||||
| CVE-2020-3955 | 1 Vmware | 1 Esxi | 2024-11-21 | 9.3 Critical |
| ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3. | ||||
| CVE-2020-3953 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | ||||
| CVE-2020-3939 | 1 Sysjust | 1 Syuan-gu-da-shin | 2024-11-21 | 6.1 Medium |
| SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability. | ||||
| CVE-2020-3928 | 1 Usavisionsys | 10 Geovision Gv-as1010, Geovision Gv-as1010 Firmware, Geovision Gv-as210 and 7 more | 2024-11-21 | 6.2 Medium |
| GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices. | ||||
| CVE-2020-3902 | 2 Apple, Redhat | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2024-11-21 | 6.1 Medium |
| An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. | ||||
| CVE-2020-3867 | 4 Apple, Opensuse, Redhat and 1 more | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-11-21 | 6.1 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2020-3758 | 1 Magento | 1 Magento | 2024-11-21 | 6.1 Medium |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2020-3715 | 1 Magento | 1 Magento | 2024-11-21 | 6.1 Medium |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2020-3599 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2024-11-21 | 6.1 Medium |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | ||||
| CVE-2020-3591 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-11-21 | 4.3 Medium |
| A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | ||||
| CVE-2020-3590 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-11-21 | 6.4 Medium |
| A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | ||||
| CVE-2020-3589 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | ||||
| CVE-2020-3587 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-11-21 | 6.4 Medium |
| A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | ||||