Skip to main content
CVE-2020-15241 MEDIUM POC PATCH This Month

TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Open Redirect Fluid Engine Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-24301 MEDIUM POC This Month

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testpage Overlay
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-25272 MEDIUM POC This Month

In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Bus Booking System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-26567 MEDIUM POC THREAT This Month

An issue was discovered on D-Link DSR-250N before 3.17B devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsr 250N Firmware
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
17.2%
CVE-2020-25271 MEDIUM POC This Month

PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hospital Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25270 MEDIUM POC This Month

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hostel Management System
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.2%
CVE-2020-25262 MEDIUM POC This Month

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pyrocms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-3602 MEDIUM This Month

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Staros
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3601 MEDIUM This Month

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Staros
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-5389 MEDIUM This Month

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Dell Information Disclosure Emc Openmanage Integration For Microsoft System Center
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-13339 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-2298 MEDIUM This Month

Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jenkins Nerrvana
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-2295 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Maven Cascade Release
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-2294 MEDIUM This Month

Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Maven Cascade Release
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-2293 MEDIUM This Month

Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Persona
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-3598 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Vision Dynamic Signage Director
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-3567 MEDIUM This Month

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Industrial Network Director Network Level Service
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-3543 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service 8000P Ip Camera Firmware 8020 Ip Camera Firmware 8030 Ip Camera Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-15242 MEDIUM PATCH This Month

Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Next Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15646 MEDIUM This Month

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Microsoft Information Disclosure Thunderbird
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-3568 MEDIUM This Month

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.1
5.8
EPSS
1.0%
CVE-2020-2292 MEDIUM PATCH This Month

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Release
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2290 MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Active Choices
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-2289 MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Active Choices
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-3597 MEDIUM This Month

A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Nexus Data Broker
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-3536 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Sd Wan
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3320 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center Sourcefire Defense Center
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-2288 MEDIUM PATCH This Month

In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Audit Trail
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-2287 MEDIUM PATCH This Month

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Audit Trail
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-3589 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-12401 MEDIUM This Month

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. Rated medium severity (CVSS 4.7). No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-12400 MEDIUM This Month

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. Rated medium severity (CVSS 4.7). No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-13344 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Redis Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-2296 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Shared Objects
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy