Skip to main content
CVE-2020-9012 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gluu Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-9016 MEDIUM POC This Month

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-9007 MEDIUM POC This Month

Codoforum 4.8.8 allows self-XSS via the title of a new topic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-8997 HIGH This Week

Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Freestyle Libre Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-9013 MEDIUM POC This Month

Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Skillpipe
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-8996 MEDIUM POC This Month

AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Anyshare Cloud
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy