Skip to main content
CVE-2020-29250 MEDIUM POC This Month

CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cxuucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-29249 MEDIUM POC This Month

CXUUCMS V3 allows class="layui-input" XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cxuucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-29204 MEDIUM POC PATCH This Month

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Xxl Job
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-29156 MEDIUM POC PATCH This Month

The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Woocommerce
NVD GitHub
CVSS 3.1
5.3
EPSS
4.0%
CVE-2020-35678 MEDIUM PATCH This Month

Autobahn|Python before 20.12.3 allows redirect header injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Python Open Redirect Autobahn
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy