Skip to main content
CVE-2020-23839 MEDIUM POC THREAT This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
10.5%
CVE-2020-23835 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tailor Management System
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-23831 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Stock Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-23450 MEDIUM POC This Month

Spiceworks Version <= 7.5.00107 is affected by XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-8335 MEDIUM This Month

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Thinkpad A275 Firmware Thinkpad A285 Firmware Thinkpad A475 Firmware +5
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-2250 MEDIUM PATCH This Month

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Soapui Pro Functional Testing
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-2247 MEDIUM PATCH This Month

Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Klocwork Analysis
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-2242 MEDIUM PATCH This Month

A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Database
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-2248 MEDIUM This Month

Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Jsgames
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-13946 MEDIUM PATCH This Month

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Cassandra Oncommand Insight
NVD
CVSS 3.1
5.9
EPSS
3.0%
CVE-2020-15704 MEDIUM This Month

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Debian Information Disclosure Ppp
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-2246 MEDIUM This Month

Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Valgrind
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-2244 MEDIUM PATCH This Month

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Build Failure Analyzer
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-2243 MEDIUM PATCH This Month

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Cadence Vmanager
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-2238 MEDIUM PATCH This Month

Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Git Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-6873 MEDIUM This Month

A ZTE product has a DoS vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zte Zxr10 2800 4 Almpufb Low Firmware
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-2251 MEDIUM PATCH This Month

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Soapui Pro Functional Testing
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-2239 MEDIUM PATCH This Month

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Parameterized Remote Trigger
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-14514 MEDIUM This Month

All trailer Power Line Communications are affected. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Power Line Communications
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy