Total: 43545 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28470 | 1 Scully | 1 Scully | 2024-11-21 | 7.3 High |
| This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page. | ||||
| CVE-2020-28459 | 1 Markdown-it-decorate Project | 1 Markdown-it-decorate | 2024-11-21 | 7.3 High |
| This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link. | ||||
| CVE-2020-28457 | 1 S-cart | 1 S-cart | 2024-11-21 | 7.2 High |
| This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS. | ||||
| CVE-2020-28456 | 1 S-cart | 1 S-cart | 2024-11-21 | 7.3 High |
| The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel. | ||||
| CVE-2020-28455 | 1 Markdown-it-toc Project | 1 Markdown-it-toc | 2024-11-21 | 7.3 High |
| This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped. | ||||
| CVE-2020-28415 | 1 Tranzware Payment Gateway Project | 1 Tranzware Payment Gateway | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28414). | ||||
| CVE-2020-28414 | 1 Tranzware Payment Gateway Project | 1 Tranzware Payment Gateway | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28415). | ||||
| CVE-2020-28409 | 1 Dundas | 1 Dundas Bi | 2024-11-21 | 5.4 Medium |
| The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur. | ||||
| CVE-2020-28408 | 1 Dundas | 1 Dundas Bi | 2024-11-21 | 5.4 Medium |
| The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard. | ||||
| CVE-2020-28365 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 6.1 Medium |
| Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2020-28364 | 1 Locust | 1 Locust | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users. | ||||
| CVE-2020-28351 | 1 Mitel | 2 Shoretel, Shoretel Firmware | 2024-11-21 | 6.1 Medium |
| The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page. | ||||
| CVE-2020-28350 | 1 Sokrates | 1 Sowasql | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter. | ||||
| CVE-2020-28249 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 6.1 Medium |
| Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. | ||||
| CVE-2020-28210 | 1 Schneider-electric | 1 Ecostruxure Building Operation | 2024-11-21 | 6.1 Medium |
| A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser. | ||||
| CVE-2020-28184 | 1 Terra-master | 1 Tos | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php. | ||||
| CVE-2020-28149 | 1 Mydbr | 1 Mydbr | 2024-11-21 | 9.6 Critical |
| myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS. | ||||
| CVE-2020-28146 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | ||||
| CVE-2020-28141 | 1 Online Discussion Forum Project | 1 Online Discussion Forum | 2024-11-21 | 5.4 Medium |
| The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include JavaScript that will execute when viewing the messages page. | ||||
| CVE-2020-28139 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 6.1 Medium |
| SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php. | ||||