Export limit exceeded: 44411 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44411 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10989 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 6.1 Medium |
| An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. | ||||
| CVE-2020-10988 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 9.8 Critical |
| A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. | ||||
| CVE-2020-10985 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.8 Medium |
| Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. | ||||
| CVE-2020-10946 | 1 Centreon | 3 Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | ||||
| CVE-2020-10944 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 5.4 Medium |
| HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5. | ||||
| CVE-2020-10935 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 5.4 Medium |
| Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. | ||||
| CVE-2020-10884 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. | ||||
| CVE-2020-10821 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.8 Medium |
| Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. | ||||
| CVE-2020-10820 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.8 Medium |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. | ||||
| CVE-2020-10819 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.8 Medium |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | ||||
| CVE-2020-10803 | 5 Debian, Fedoraproject, Opensuse and 2 more | 7 Debian Linux, Fedora, Backports Sle and 4 more | 2024-11-21 | 5.4 Medium |
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. | ||||
| CVE-2020-10797 | 1 Netgate | 1 Pfsense | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed. | ||||
| CVE-2020-10790 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 5.4 Medium |
| openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. | ||||
| CVE-2020-10788 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 9.1 Critical |
| openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections. | ||||
| CVE-2020-10777 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-11-21 | 5.4 Medium |
| A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. | ||||
| CVE-2020-10776 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Red Hat Single Sign On | 2024-11-21 | 4.8 Medium |
| A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack. | ||||
| CVE-2020-10748 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Single Sign-on | 2024-11-21 | 6.1 Medium |
| A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks. | ||||
| CVE-2020-10688 | 1 Redhat | 7 Enterprise Linux, Fuse, Jboss Enterprise Application Platform and 4 more | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. | ||||
| CVE-2020-10681 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. | ||||
| CVE-2020-10670 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2024-11-21 | 6.1 Medium |
| The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version. | ||||