Skip to main content
CVE-2020-25102 MEDIUM POC This Month

silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Advanced Reports
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-23814 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Xxl Job
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-13972 MEDIUM POC This Month

Enghouse Web Chat 6.2.284.34 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Chat
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14373 MEDIUM POC PATCH This Month

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Ghostscript Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-24863 MEDIUM POC PATCH This Month

A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Midnightbsd Freebsd
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-25104 MEDIUM POC This Month

eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eramba
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25124 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25123 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25122 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25121 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-25120 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25119 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-25118 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25117 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25116 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25115 MEDIUM POC This Month

The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vbulletin
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-9199 MEDIUM This Month

B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection B2368 22 Firmware B2368 57 Firmware B2368 66 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2020-7382 MEDIUM This Month

Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nexpose
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-4337 MEDIUM This Month

IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-12058 MEDIUM PATCH This Month

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ce Phoenix
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25093 MEDIUM PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25092 MEDIUM PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25091 MEDIUM PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25090 MEDIUM PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25089 MEDIUM PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25088 MEDIUM PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25087 MEDIUM PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25086 MEDIUM PATCH This Month

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9235 MEDIUM This Month

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor 20 Pro Firmware Honor View 20 Firmware Oxfords An00A Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-10720 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-24385 MEDIUM This Month

In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Null Pointer Dereference Denial Of Service Midnightbsd Freebsd
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-5418 MEDIUM This Month

Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Capi Release Cf Deployment
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy