Skip to main content
CVE-2020-25738 MEDIUM POC This Month

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Endpoint Privilege Manager
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-29145 MEDIUM POC This Month

In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ericsson Bscs Ix R18 Billing Rating Admx Bscs Ix R18 Billing Rating Mx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-29144 MEDIUM POC This Month

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ericsson Bscs Ix R18 Billing Rating Admx Bscs Ix R18 Billing Rating Mx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-12262 MEDIUM POC This Month

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tip200 Firmware Tip200Lite Firmware Tip300 Firmware
NVD
CVSS 3.1
5.4
EPSS
1.8%
CVE-2017-15680 MEDIUM PATCH This Month

In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Crafter Cms
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-29136 MEDIUM This Month

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2017-15682 MEDIUM PATCH This Month

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Crafter Cms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-29137 MEDIUM This Month

cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-29133 MEDIUM This Month

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Coremail Xt
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-29138 MEDIUM This Month

Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass F St 3486 Router Firmware
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-29135 MEDIUM This Month

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cpanel
NVD
CVSS 3.1
4.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy