Skip to main content
CVE-2020-35200 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-29563 CRITICAL Act Now

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass My Cloud Os 5
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-35208 MEDIUM POC This Month

An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Lastpass
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2020-35207 MEDIUM POC This Month

An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Lastpass
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2020-35202 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-35201 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-35199 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-29654 HIGH This Week

Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dashboard
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-35176 MEDIUM This Month

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy