• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2020-9025

February 26, 2023 by

Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script.

CVE-2020-9028

February 26, 2023 by

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the “User Creation, Deletion and Password Maintenance” screen (when creating a new user).

CVE-2020-9036

February 26, 2023 by

Jeedom through 4.0.38 allows XSS.

CVE-2020-9038

February 26, 2023 by

Joplin through 1.0.184 allows Arbitrary File Read via XSS.

CVE-2020-9055

February 26, 2023 by

Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure.

CVE-2020-9056

February 26, 2023 by

Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization and is executed in the browser of the user, which could possibly cause website redirection, session hijacking, or information disclosure. This vulnerability has been patched in BuySpeed version 15.3.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 586
  • Go to page 587
  • Go to page 588
  • Go to page 589
  • Go to page 590
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE