Skip to main content
CVE-2020-35676 MEDIUM POC This Month

BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Invoicing System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-35669 MEDIUM POC This Month

An issue was discovered in the http package through 0.12.2 for Dart. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Http
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-28190 MEDIUM POC This Month

TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Tos
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-28184 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tos
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-28185 MEDIUM POC THREAT This Month

User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Tos
NVD
CVSS 3.1
5.3
EPSS
18.1%
CVE-2020-29247 MEDIUM POC This Month

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD Exploit-DB VulDB
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-9137 MEDIUM This Month

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cloudengine 12800 Firmware Cloudengine 5800 Firmware Cloudengine 6800 Firmware Cloudengine 7800 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-9201 MEDIUM This Month

There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-27722 MEDIUM This Month

In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-27724 MEDIUM This Month

In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-9119 MEDIUM This Month

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Huawei Mate 10 Firmware Mate 30 Firmware Mate 30 Pro Firmware +2
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2020-35659 MEDIUM PATCH This Month

The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pi Hole
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-27729 MEDIUM This Month

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Big Ip Access Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-27726 MEDIUM This Month

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-27719 MEDIUM This Month

On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-2503 MEDIUM This Month

If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qnap Qes
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-27727 MEDIUM This Month

On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2020-35677 MEDIUM This Month

BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS CSRF PHP Online Invoicing System
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2020-5684 MEDIUM This Month

iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ism Server
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2020-9202 MEDIUM This Month

There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Te Mobile
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-27725 MEDIUM This Month

In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of BIG-IP DNS, GTM, and Link Controller, zxfrd leaks memory when listing DNS zones. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Domain Name System Big Ip Global Traffic Manager Big Ip Link Controller
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy