Skip to main content
CVE-2020-4047 MEDIUM PATCH This Month

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
3.5%
CVE-2020-11980 MEDIUM PATCH This Month

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation SSRF Karaf
NVD
CVSS 3.1
6.3
EPSS
1.9%
CVE-2020-11839 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Arcsight Logger
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-9651 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2020-9648 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2020-9647 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2020-3929 MEDIUM This Month

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Geovision Gv As210 Firmware Geovision Gv As410 Firmware Geovision Gv As810 Firmware Geovision Gv As1010 Firmware +1
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-4048 MEDIUM PATCH This Month

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

WordPress Open Redirect Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.7
EPSS
2.2%
CVE-2020-4046 MEDIUM This Month

In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
2.4%
CVE-2020-9644 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
1.8%
CVE-2020-4251 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Api Connect
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-10732 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of Userspace core dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Linux Linux Kernel Leap Ubuntu Linux +16
NVD GitHub
CVSS 3.1
4.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy