Skip to main content
CVE-2020-11888 MEDIUM POC PATCH This Month

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Python Markdown2
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-11930 MEDIUM POC PATCH This Month

The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Translate Wordpress With Gtranslate
NVD
CVSS 3.1
6.1
EPSS
4.5%
CVE-2020-10935 MEDIUM POC This Month

Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zulip Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5293 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5288 MEDIUM PATCH This Month

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5287 MEDIUM PATCH This Month

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5279 MEDIUM PATCH This Month

In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-11944 MEDIUM PATCH This Month

Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bitcoin Abe
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-9445 MEDIUM This Month

Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9444 MEDIUM This Month

Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5286 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5285 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5278 MEDIUM PATCH This Month

In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5276 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5272 MEDIUM PATCH This Month

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5271 MEDIUM PATCH This Month

In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5270 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Open Redirect Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5269 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5265 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5264 MEDIUM PATCH This Month

In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9070 MEDIUM This Month

Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Information Disclosure Taurus Al00B Firmware
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-1803 MEDIUM This Month

Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Huawei Authentication Bypass Information Disclosure Honor V20 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy