Skip to main content
CVE-2020-8244 MEDIUM POC PATCH This Month

A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bufferlist Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-24104 MEDIUM POC This Month

XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lv Wr07 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-24223 MEDIUM POC THREAT This Month

Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mara Cms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
14.6%
CVE-2020-24917 MEDIUM PATCH This Month

osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Osticket
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy