Skip to main content
CVE-2020-20142 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pivot Table Charts
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-20141 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pivot Table Charts
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-20140 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pivot Table Charts
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-20139 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pivot Table Charts
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-20138 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2020-8462 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-12521 MEDIUM This Month

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plcnext Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-35123 MEDIUM This Month

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Collaboration
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-29436 MEDIUM This Month

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Nexus Repository Manager
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-12518 MEDIUM This Month

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Plcnext Firmware
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-15293 MEDIUM This Month

Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Hypervisor Introspection
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15292 MEDIUM PATCH This Month

Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Hypervisor Introspection
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4845 MEDIUM PATCH This Month

IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-35453 MEDIUM This Month

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-35177 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-27010 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy