Skip to main content
CVE-2020-28656 MEDIUM POC This Month

The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Polo Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-7773 MEDIUM POC PATCH This Month

This affects the package markdown-it-highlightjs before 3.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Markdown It Highlightjs
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-13773 MEDIUM POC This Month

Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ivanti Endpoint Manager
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-28650 MEDIUM POC This Month

The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13772 MEDIUM POC This Month

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Endpoint Manager
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-7765 MEDIUM POC PATCH This Month

This affects the package @firebase/util before 0.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Firebase Util
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-8152 MEDIUM POC This Month

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-4692 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4671 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-4566 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-4475 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26129 MEDIUM This Month

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Ktor
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26225 MEDIUM PATCH This Month

In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Product Comments
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-27627 MEDIUM This Month

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-27459 MEDIUM This Month

Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chronoforums
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-4672 MEDIUM PATCH This Month

IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-27991 MEDIUM This Month

Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
21.7%
CVE-2020-27990 MEDIUM This Month

Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
21.7%
CVE-2020-27989 MEDIUM This Month

Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
21.7%
CVE-2020-27988 MEDIUM This Month

Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
85.2%
CVE-2020-5663 MEDIUM This Month

Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Xoonips
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5662 MEDIUM This Month

Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Xoonips
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-27622 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-27629 MEDIUM This Month

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-27626 MEDIUM This Month

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-27625 MEDIUM This Month

In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-27624 MEDIUM This Month

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-25210 MEDIUM This Month

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-4705 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-4763 MEDIUM This Month

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-4665 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-27628 MEDIUM This Month

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy