In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.
CWE-79
CVE-2020-6843
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
CVE-2020-6845
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.
CVE-2020-6847
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.
CVE-2020-6848
Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI.
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
