Skip to main content
CVE-2020-9514 MEDIUM POC This Month

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Impress For Idx Broker
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-11509 MEDIUM POC This Month

An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Lead Plus X
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-11611 MEDIUM POC This Month

An issue was discovered in xdLocalStorage through 2.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cross Domain Local Storage
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-11515 MEDIUM POC This Month

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Seo
NVD
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-6171 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Clink Office
NVD
CVSS 3.1
6.1
EPSS
4.8%
CVE-2020-11508 MEDIUM POC This Month

An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Lead Plus X
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-11516 MEDIUM POC This Month

Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Form 7 Datepicker
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11512 MEDIUM POC This Month

Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Impress For Idx Broker
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-7618 MEDIUM POC PATCH This Month

sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Sds
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-7616 MEDIUM POC This Month

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Express Mock Middleware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-9286 MEDIUM This Month

An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortiadc Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-5302 MEDIUM This Month

MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mh Wikibot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2172 MEDIUM PATCH This Month

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jenkins Code Coverage Api
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-2174 MEDIUM PATCH This Month

Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Awseb Deployment
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-6647 MEDIUM This Month

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortiadc Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-2176 MEDIUM PATCH This Month

Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Usemango Runner
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2175 MEDIUM PATCH This Month

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Fitnesse
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2173 MEDIUM PATCH This Month

Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Gatling
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-8096 MEDIUM This Month

Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Antimalware Software Development Kit
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-11609 MEDIUM PATCH This Month

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-11608 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.6.1. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy