Skip to main content
CVE-2020-9019 MEDIUM POC This Month

The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpjobboard
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-9391 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +7
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9008 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blackboard Learn
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-9018 MEDIUM POC This Month

LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Litecart
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-8793 MEDIUM POC This Month

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Opensmtpd Fedora Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
4.7
EPSS
0.9%
CVE-2020-9379 MEDIUM This Month

The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Micontact Center Business
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-9393 MEDIUM This Month

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Pricing Table By Supsystic
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-9334 MEDIUM This Month

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Envira Gallery
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-9335 MEDIUM This Month

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Photo Gallery
NVD
CVSS 3.1
4.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy