Skip to main content
CVE-2020-12708 MEDIUM POC This Month

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-12707 MEDIUM POC PATCH This Month

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Lepton Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-12704 MEDIUM POC This Month

UliCMS before 2020.2 has PageController stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ulicms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5750 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5748 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-11047 MEDIUM POC PATCH This Month

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-11042 MEDIUM POC PATCH This Month

In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2020-12706 MEDIUM POC PATCH This Month

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Php Fusion
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2020-5751 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5749 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5747 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5746 MEDIUM POC This Month

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tcexam
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5744 MEDIUM POC This Month

Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tcexam
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2020-5743 MEDIUM POC This Month

Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tcexam
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12687 MEDIUM PATCH This Month

An issue was discovered in Serpico before 1.3.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Serpico
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-11056 MEDIUM PATCH This Month

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Sprout Forms
NVD GitHub
CVSS 3.1
6.3
EPSS
1.0%
CVE-2020-11053 MEDIUM PATCH This Month

In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12705 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Leptoncms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-12703 MEDIUM This Month

UliCMS before 2020.2 has XSS during PackageController uninstall. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ulicms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-12679 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mivoice Connect Shoretel Conference Web
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12696 MEDIUM This Month

The iframe plugin before 4.5 for WordPress does not sanitize a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Iframe
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-11055 MEDIUM PATCH This Month

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bookstack
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12683 MEDIUM PATCH This Month

Katyshop2 before 2.12 has multiple stored XSS issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Katyshop2
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-12692 MEDIUM PATCH This Month

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keystone Ubuntu Linux
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-12448 MEDIUM This Month

GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-4430 MEDIUM KEV PATCH THREAT This Month

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Data Risk Manager
NVD
CVSS 3.1
4.3
EPSS
68.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy