Skip to main content
CVE-2020-15873 MEDIUM POC PATCH This Month

In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Librenms
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-14063 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tc Custom Javascript
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-12432 MEDIUM POC This Month

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Collabora Online Development Edition
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-15102 MEDIUM PATCH This Month

In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dashboard Products
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy