CVE-2020-9805

HIGH Year: 2020
CVSS v3 Score
7.1
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.

Related Vulnerabilities

CVE-2014-6447

HIGH
CVSS:7.1(High)

Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 1...

CWE-792014

CVE-2017-3557

HIGH
CVSS:7.1(High)

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6...

CWE-792017

CVE-2018-15633

HIGH
CVSS:7.1(High)

Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of ...

CWE-792018

CVE-2018-15634

HIGH
CVSS:7.1(High)

Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser...

CWE-792018

CVE-2018-15638

HIGH
CVSS:7.1(High)

Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a vict...

CWE-792018

CVE-2019-14863

HIGH
CVSS:7.1(High)

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted d...

CWE-792019