Skip to main content
CVE-2020-15483 MEDIUM POC This Month

An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass M1000 Multipara Patient Monitor Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-24656 MEDIUM POC This Month

Maltego before 4.2.12 allows XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Maltego
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2020-24316 MEDIUM POC This Month

WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admin Menu
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-24314 MEDIUM POC This Month

Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rss Feed Widget
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-24313 MEDIUM POC This Month

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Appointment Booking Scheduling
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-24661 MEDIUM POC This Month

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Geary Fedora
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-23660 MEDIUM POC This Month

webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webtareas
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23659 MEDIUM POC This Month

WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Port
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-23658 MEDIUM POC This Month

PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23657 MEDIUM POC This Month

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Navigatecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23656 MEDIUM POC This Month

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Navigatecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23655 MEDIUM POC This Month

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Navigatecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23654 MEDIUM POC This Month

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Navigatecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-19007 MEDIUM POC This Month

Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Halo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-24548 MEDIUM POC This Month

Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Access Server
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-24008 MEDIUM POC This Month

Umanni RH 1.0 has a user enumeration vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Human Resources
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-5916 MEDIUM This Month

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-3152 MEDIUM This Month

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Connected Mobile Experiences
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3151 MEDIUM This Month

A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Connected Mobile Experiences
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3521 MEDIUM This Month

A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Data Center Network Manager
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-3505 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service 8000P Ip Camera Firmware 8020 Ip Camera Firmware 8030 Ip Camera Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-3440 MEDIUM This Month

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft Path Traversal Webex Meetings
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-15486 MEDIUM This Month

An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electrocardiogram Pen Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-3522 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Data Center Network Manager
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2020-3485 MEDIUM This Month

A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Vision Dynamic Signage Director
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2020-24599 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-24598 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Joomla
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-3466 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Catalyst Center
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-5927 MEDIUM This Month

In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Application Security Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5915 MEDIUM This Month

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15499 MEDIUM This Month

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rt Ac1900P Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-13767 MEDIUM This Month

The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Micollab
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-5917 MEDIUM This Month

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSH Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-15498 MEDIUM This Month

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rt Ac1900P Firmware
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2020-16193 MEDIUM PATCH This Month

osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Osticket
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15485 MEDIUM This Month

An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure M1000 Multipara Patient Monitor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-3520 MEDIUM This Month

A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Data Center Network Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3523 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3518 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-13821 MEDIUM This Month

An issue was discovered in HiveMQ Broker Control Center 4.3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Broker Control Center
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-5923 MEDIUM This Month

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-3496 MEDIUM This Month

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sg200 50 Firmware Sg200 50P Firmware Sg200 50Fp Firmware +111
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-3484 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Cisco Information Disclosure Vision Dynamic Signage Director
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-5924 MEDIUM This Month

In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3490 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Vision Dynamic Signage Director
NVD
CVSS 3.1
4.9
EPSS
3.0%
CVE-2020-3491 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Vision Dynamic Signage Director
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-3439 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-7309 MEDIUM This Month

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Application And Change Control
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2020-3389 MEDIUM This Month

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Hyperflex Hx Series Software
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-5920 MEDIUM This Month

In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy