Skip to main content
CVE-2020-10596 MEDIUM POC This Month

OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencart
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.7%
CVE-2020-1720 MEDIUM PATCH This Month

A flaw was found in PostgreSQL's "ALTER ... Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PostgreSQL Authentication Bypass Decision Manager Software Collections Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-10122 MEDIUM This Month

cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-10114 MEDIUM This Month

cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-10113 MEDIUM This Month

cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-6646 MEDIUM This Month

An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortiweb
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-10116 MEDIUM This Month

cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy