Skip to main content
CVE-2020-10966 MEDIUM POC PATCH This Month

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-5261 MEDIUM PATCH This Month

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Saml2
NVD GitHub
CVSS 3.1
6.8
EPSS
1.2%
CVE-2020-6808 MEDIUM This Month

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-2164 MEDIUM PATCH This Month

Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Artifactory
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-10791 MEDIUM PATCH This Month

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Grafana SSRF PHP Openitcockpit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-2169 MEDIUM PATCH This Month

A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Queue Cleanup
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-5559 MEDIUM This Month

Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wl Enq
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5557 MEDIUM This Month

Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cutenews
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5552 MEDIUM This Month

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailform
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3808 MEDIUM PATCH This Month

Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Creative Cloud
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2020-9520 MEDIUM This Month

A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vibe
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-5277 MEDIUM PATCH This Month

PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Faceted Search Module
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2170 MEDIUM PATCH This Month

Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Rapiddeploy
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2163 MEDIUM PATCH This Month

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-2162 MEDIUM PATCH This Month

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-2161 MEDIUM PATCH This Month

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-10790 MEDIUM PATCH This Month

openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openitcockpit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-6813 MEDIUM This Month

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-6812 MEDIUM This Month

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-6810 MEDIUM This Month

After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-3791 MEDIUM This Month

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-3782 MEDIUM This Month

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-3781 MEDIUM This Month

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-3778 MEDIUM This Month

Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-3771 MEDIUM This Month

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy