Skip to main content
CVE-2020-13820 MEDIUM POC This Month

Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extreme Management Center
NVD
CVSS 3.1
6.1
EPSS
4.0%
CVE-2020-16269 MEDIUM POC This Month

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Radare2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-4328 MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
6.3
EPSS
1.2%
CVE-2020-11584 MEDIUM This Month

A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Onyx
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-11583 MEDIUM This Month

A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Obsidian
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-16131 MEDIUM This Month

Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Tiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4560 MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Financial Transaction Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-14319 MEDIUM This Month

It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe CSRF Amq Online Enmasse
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-12739 MEDIUM This Month

A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Series 30I Firmware Series 31I Firmware Series 32I B Plus Firmware Series 35I B Firmware +12
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-8575 MEDIUM This Month

Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft VMware Active Iq Unified Manager
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy