Skip to main content
CVE-2020-35252 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Registration And Login System With Admin Panel
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-13969 MEDIUM POC This Month

CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Business Platform
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-35584 MEDIUM POC This Month

In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Solstice Pod Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-35658 MEDIUM POC This Month

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Spamtitan
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-28071 MEDIUM POC This Month

SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Alumni Management System
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-9439 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allows authenticated remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Tin Canny Reporting For Learndash
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-6159 MEDIUM This Month

URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Opera
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-35650 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Uncanny Groups For Learndash
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-4642 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25192 MEDIUM This Month

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nport Iaw5000A I O Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy