Skip to main content
CVE-2020-25988 MEDIUM POC This Month

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2-1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Platinum 4410 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
3.0%
CVE-2020-27558 MEDIUM POC This Month

Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-28092 MEDIUM POC This Month

PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pescms Team
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-28129 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gym Management System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-26216 MEDIUM POC PATCH This Month

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fluid
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25890 MEDIUM POC This Month

The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ecosys M2640Idw Firmware
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-28139 MEDIUM POC This Month

SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Clothing Store
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-27557 MEDIUM POC This Month

Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-26701 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kaa
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-25798 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Limesurvey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-28647 MEDIUM POC This Month

In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Moveit Transfer
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-27556 MEDIUM POC This Month

A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ge 131 Bt 1837836 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-13351 MEDIUM This Month

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-11860 MEDIUM This Month

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Logger
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-13348 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.7
EPSS
0.8%
CVE-2020-13358 MEDIUM This Month

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Gitlab Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-25832 MEDIUM This Month

Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Filr
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-25834 MEDIUM This Month

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcsight Logger
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-26406 MEDIUM This Month

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-13352 MEDIUM This Month

Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-25833 MEDIUM This Month

Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Idol
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-10776 MEDIUM PATCH This Month

A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Keycloak
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2020-25746 MEDIUM This Month

QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qubi3 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-13349 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-13350 MEDIUM This Month

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab CSRF
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-13354 MEDIUM This Month

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy