Skip to main content
CVE-2020-10670 MEDIUM POC This Month

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oce Colorwave 500 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-10668 MEDIUM POC This Month

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oce Colorwave 500 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-10667 MEDIUM POC This Month

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oce Colorwave 500 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-5262 MEDIUM POC PATCH This Month

In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Easybuild
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-5267 MEDIUM POC PATCH This Month

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Actionview Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
4.8
EPSS
1.5%
CVE-2020-4205 MEDIUM This Month

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Datapower Gateway
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2020-4203 MEDIUM This Month

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.1
4.9
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy