Skip to main content
CVE-2020-5217 MEDIUM POC PATCH This Month

In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Secure Headers
NVD GitHub
CVSS 3.1
5.8
EPSS
1.8%
CVE-2020-5216 MEDIUM POC PATCH This Month

In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Secure Headers
NVD GitHub
CVSS 3.1
5.8
EPSS
1.1%
CVE-2020-6843 MEDIUM POC This Month

Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
4.8
EPSS
2.4%
CVE-2020-5223 MEDIUM POC PATCH This Month

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS Privatebin
NVD GitHub
CVSS 3.1
4.4
EPSS
0.7%
CVE-2020-7210 MEDIUM POC PATCH This Month

Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Umbraco Cms
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-7936 MEDIUM PATCH This Month

An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Plone
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-7937 MEDIUM PATCH This Month

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plone
NVD
CVSS 3.1
5.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy