Skip to main content
CVE-2020-8127 MEDIUM POC PATCH This Month

Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Reveal Js
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-9447 MEDIUM POC This Month

There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Gwtupload
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9459 MEDIUM POC This Month

Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Modern Events Calendar Lite
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-6804 MEDIUM PATCH This Month

A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webthings Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6803 MEDIUM PATCH This Month

An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Webthings Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9466 MEDIUM This Month

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Code Injection Export Users To Csv
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-1875 MEDIUM This Month

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-1874 MEDIUM This Month

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-1792 MEDIUM This Month

Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Honor V10 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9399 MEDIUM This Month

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Antivirus For Linux Antivirus Pro Antivirus Pro Plus
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1877 MEDIUM This Month

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-1861 MEDIUM This Month

CloudEngine 12800 with versions of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Cloudengine 12800 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy