Skip to main content
CVE-2020-35200 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-35208 MEDIUM POC This Month

An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Lastpass
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2020-35207 MEDIUM POC This Month

An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Lastpass
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2020-35202 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-35201 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-35199 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-35176 MEDIUM This Month

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy