Skip to main content
CVE-2020-9467 MEDIUM POC PATCH THREAT This Month

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Piwigo
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
23.8%
CVE-2020-6999 MEDIUM PATCH This Month

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Mds G516E Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-8910 MEDIUM PATCH This Month

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Closure Library
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-8923 MEDIUM This Month

An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dart Software Development Kit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-9065 MEDIUM This Month

Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Use After Free Memory Corruption Information Disclosure Taurus Al00B Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-5340 MEDIUM PATCH This Month

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rsa Authentication Manager
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-5339 MEDIUM PATCH This Month

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rsa Authentication Manager
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-9468 MEDIUM PATCH This Month

The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Piwigo
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy