Export limit exceeded: 45925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45925 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36383 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 6.1 Medium |
| PageLayer before 1.3.5 allows reflected XSS via the font-size parameter. | ||||
| CVE-2020-36324 | 1 Wikimedia | 1 Analytics-quarry-web | 2024-11-21 | 6.1 Medium |
| Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. | ||||
| CVE-2020-36307 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 6.1 Medium |
| Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | ||||
| CVE-2020-36306 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 6.1 Medium |
| Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | ||||
| CVE-2020-36290 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 5.4 Medium |
| The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality. | ||||
| CVE-2020-36288 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 6.1 Medium |
| The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. | ||||
| CVE-2020-36236 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 6.1 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | ||||
| CVE-2020-36234 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.8 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | ||||
| CVE-2020-36202 | 1 Rust-lang | 1 Async-h1 | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy. | ||||
| CVE-2020-36196 | 1 Qnap | 1 Qulog Center | 2024-11-21 | 6.1 Medium |
| A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. | ||||
| CVE-2020-36194 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. | ||||
| CVE-2020-36190 | 1 Rails Admin Project | 1 Rails Admin | 2024-11-21 | 6.1 Medium |
| RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms. | ||||
| CVE-2020-36172 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | 6.1 Medium |
| The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. | ||||
| CVE-2020-36171 | 1 Elementor | 1 Website Builder | 2024-11-21 | 6.1 Medium |
| The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. | ||||
| CVE-2020-36139 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 5.4 Medium |
| BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter. | ||||
| CVE-2020-36115 | 2 Egavilanmedia, Microsoft | 2 Phpcrud, Windows | 2024-11-21 | 5.4 Medium |
| Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'. | ||||
| CVE-2020-36064 | 1 Online Course Registration Project | 1 Online Course Registration | 2024-11-21 | 9.8 Critical |
| Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. | ||||
| CVE-2020-36062 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-11-21 | 9.8 Critical |
| Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. | ||||
| CVE-2020-36056 | 1 Beetel | 2 777vr1, 777vr1 Firmware | 2024-11-21 | 5.4 Medium |
| Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option. | ||||
| CVE-2020-36012 | 1 Bdtask | 1 Multi-store | 2024-11-21 | 4.8 Medium |
| Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field. | ||||