Skip to main content
CVE-2020-8549 MEDIUM POC This Month

Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Strong Testimonials
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-8548 MEDIUM POC This Month

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Masscode
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-5182 MEDIUM This Month

The J-BusinessDirectory extension before 5.2.9 for Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation J Businessdirectory
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-4224 MEDIUM PATCH This Month

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Storediq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-7993 MEDIUM This Month

Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Prototype
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy