Skip to main content
CVE-2020-35347 MEDIUM POC This Month

CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cxuucms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-20412 MEDIUM POC This Month

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Stepmania Libvorbis
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-35437 MEDIUM POC This Month

Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2020-27515 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Savsoft Quiz
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-28759 MEDIUM POC This Month

The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tengine
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-35349 MEDIUM POC This Month

Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Savsoft Quiz
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35346 MEDIUM POC This Month

CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cxuucms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-29172 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Litespeed Cache
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-29385 MEDIUM PATCH This Month

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Gdk Pixbuf Ubuntu Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy