• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2020-8034

February 26, 2023 by

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim’s webmail account by making them visit a malicious URL.

CVE-2020-8035

February 26, 2023 by

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim’s webmail account by making them visit a malicious URL.

CVE-2020-8089

February 26, 2023 by

Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.

CVE-2020-8090

February 26, 2023 by

The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login).

CVE-2020-8091

February 26, 2023 by

svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.

CVE-2020-7971

February 26, 2023 by

GitLab EE 11.0 and later through 12.7.2 allows XSS.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 600
  • Go to page 601
  • Go to page 602
  • Go to page 603
  • Go to page 604
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE