Skip to main content
CVE-2020-11823 MEDIUM POC This Month

In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11814 MEDIUM POC This Month

A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Qdpm
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-11007 MEDIUM PATCH This Month

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Shopizer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4338 MEDIUM This Month

IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5294 MEDIUM PATCH This Month

PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop Socialfollow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5273 MEDIUM PATCH This Month

In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop Linklist
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5266 MEDIUM PATCH This Month

In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop Link
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-11813 MEDIUM This Month

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rukovoditel
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7113 MEDIUM This Month

A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clearpass
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-7110 MEDIUM This Month

ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Clearpass
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-2177 MEDIUM PATCH This Month

Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Copr
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-4260 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy