Skip to main content
CVE-2020-17480 MEDIUM POC PATCH This Month

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-8229 MEDIUM POC This Month

A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Denial Of Service Desktop
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-15662 MEDIUM This Month

A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection Apple Firefox
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-15661 MEDIUM This Month

A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Apple Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-15658 MEDIUM This Month

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15655 MEDIUM This Month

A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird +2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-15654 MEDIUM This Month

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15653 MEDIUM This Month

An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15652 MEDIUM This Month

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15648 MEDIUM This Month

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-16278 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Saint Security Suite
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-16275 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Saint Security Suite
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15139 MEDIUM PATCH This Month

In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-17476 MEDIUM PATCH This Month

Mibew Messenger before 3.2.7 allows XSS via a crafted user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Messenger
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4541 MEDIUM PATCH This Month

IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4539 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4533 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12778 MEDIUM This Month

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-9526 MEDIUM This Month

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure P2P
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-9245 MEDIUM This Month

HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P30 Firmware P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9243 MEDIUM This Month

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-15650 MEDIUM This Month

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox Esr
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-15649 MEDIUM This Month

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google File Upload Mozilla Firefox Esr
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-13294 MEDIUM This Month

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-12779 MEDIUM This Month

Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15651 MEDIUM This Month

A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Apple Firefox
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy