Total
43690 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13864 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 5.4 Medium |
| The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. | ||||
| CVE-2020-13853 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | ||||
| CVE-2020-13828 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. | ||||
| CVE-2020-13827 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.1 Medium |
| phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | ||||
| CVE-2020-13825 | 1 I-doit | 1 I-doit | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter. | ||||
| CVE-2020-13821 | 1 Hivemq | 1 Broker Control Center | 2024-11-21 | 5.4 Medium |
| An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker. | ||||
| CVE-2020-13820 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | ||||
| CVE-2020-13819 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | ||||
| CVE-2020-13798 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. | ||||
| CVE-2020-13797 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. | ||||
| CVE-2020-13796 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php. | ||||
| CVE-2020-13773 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 5.4 Medium |
| Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. | ||||
| CVE-2020-13762 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. | ||||
| CVE-2020-13761 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. | ||||
| CVE-2020-13758 | 1 Bitrix | 1 Bitrix24 | 2024-11-21 | 6.1 Medium |
| modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload. | ||||
| CVE-2020-13697 | 1 Nanohttpd | 1 Nanohttpd | 2024-11-21 | 6.1 Medium |
| An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization. | ||||
| CVE-2020-13688 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6. | ||||
| CVE-2020-13673 | 1 Drupal | 1 Entity Embed | 2024-11-21 | 6.1 Medium |
| The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting. | ||||
| CVE-2020-13672 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80. | ||||
| CVE-2020-13669 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | ||||