CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2020-15073 79 XSS 2020-07-08 2020-07-10
3.5
None Remote Medium ??? None Partial None
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
902 CVE-2020-15062 522 2020-08-07 2020-08-09
3.3
None Local Network Low Not required Partial None None
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
903 CVE-2020-15058 522 2020-08-07 2020-08-09
3.3
None Local Network Low Not required Partial None None
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
904 CVE-2020-15054 522 2020-08-07 2020-08-09
3.3
None Local Network Low Not required Partial None None
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
905 CVE-2020-15041 79 XSS 2020-06-24 2020-06-30
3.5
None Remote Medium ??? None Partial None
PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field.
906 CVE-2020-15038 79 XSS 2020-06-24 2020-07-29
3.5
None Remote Medium ??? None Partial None
The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.
907 CVE-2020-15037 79 Exec Code XSS 2020-07-07 2020-07-10
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.
908 CVE-2020-15036 79 Exec Code XSS 2020-07-07 2020-07-10
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.
909 CVE-2020-15035 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter.
910 CVE-2020-15034 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter.
911 CVE-2020-15033 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter.
912 CVE-2020-15032 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.
913 CVE-2020-15031 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.
914 CVE-2020-15030 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.
915 CVE-2020-15029 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.
916 CVE-2020-15028 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.
917 CVE-2020-15020 79 XSS 2020-08-31 2020-09-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.
918 CVE-2020-15006 79 XSS 2020-06-24 2020-07-02
3.5
None Remote Medium ??? None Partial None
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.
919 CVE-2020-15004 79 XSS 2020-10-23 2020-10-26
3.5
None Remote Medium ??? None Partial None
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.
920 CVE-2020-14990 269 +Priv 2020-06-22 2020-06-29
3.6
None Local Low Not required None Partial Partial
IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link.
921 CVE-2020-14988 79 XSS 2021-03-11 2021-03-16
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript.
922 CVE-2020-14965 74 CSRF 2020-06-23 2020-07-06
3.5
None Remote Medium ??? None Partial None
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.
923 CVE-2020-14962 79 XSS 2020-06-22 2020-06-25
3.5
None Remote Medium ??? None Partial None
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php.
924 CVE-2020-14959 79 XSS 2020-06-22 2020-06-25
3.5
None Remote Medium ??? None Partial None
Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter.
925 CVE-2020-14943 79 XSS 2020-06-22 2020-06-30
3.5
None Remote Medium ??? None Partial None
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.
926 CVE-2020-14927 79 XSS 2020-06-19 2020-06-24
3.5
None Remote Medium ??? None Partial None
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
927 CVE-2020-14926 79 XSS 2020-06-19 2020-06-24
3.5
None Remote Medium ??? None Partial None
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
928 CVE-2020-14791 DoS 2020-10-21 2021-05-26
3.5
None Remote Medium ??? None None Partial
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
929 CVE-2020-14771 DoS 2020-10-21 2021-05-26
3.5
None Remote Medium ??? None None Partial
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
930 CVE-2020-14759 2020-10-21 2020-10-22
3.3
None Local Medium Not required None Partial Partial
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N).
931 CVE-2020-14758 DoS 2020-10-21 2020-10-22
3.6
None Local Low Not required Partial None Partial
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L).
932 CVE-2020-14732 2020-10-21 2020-10-22
3.5
None Remote Medium ??? Partial None None
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
933 CVE-2020-14731 2020-10-21 2020-10-23
3.5
None Remote Medium ??? Partial None None
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
934 CVE-2020-14729 2020-08-27 2020-09-08
3.6
None Remote High ??? Partial Partial None
Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N).
935 CVE-2020-14617 2020-07-15 2020-07-20
3.5
None Remote Medium ??? Partial None None
Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).
936 CVE-2020-14610 79 XSS 2020-07-15 2020-07-16
3.5
None Remote Medium ??? None Partial None
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). The supported version that is affected is 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
937 CVE-2020-14574 2020-07-15 2020-07-17
3.0
None Local Medium ??? Partial Partial None
Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications Applications (component: FACE). Supported versions that are affected are 6.1-6.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Interactive Session Recorder executes to compromise Oracle Communications Interactive Session Recorder. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Interactive Session Recorder accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Interactive Session Recorder accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N).
938 CVE-2020-14552 2020-07-15 2020-07-21
3.5
None Remote Medium ??? Partial None None
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).
939 CVE-2020-14550 2020-07-15 2021-05-26
3.5
None Remote Medium ??? None None Partial
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
940 CVE-2020-14545 DoS 2020-07-15 2020-07-20
3.3
None Local Medium Not required None Partial Partial
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L).
941 CVE-2020-14514 201 2020-09-01 2020-09-11
3.3
None Local Network Low Not required Partial None None
All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver improvements.
942 CVE-2020-14483 2020-08-13 2020-08-19
3.3
None Local Network Low Not required None None Partial
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
943 CVE-2020-14477 287 2020-06-26 2020-07-15
3.6
None Local Low Not required Partial Partial None
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
944 CVE-2020-14462 79 XSS 2020-06-19 2020-06-19
3.5
None Remote Medium ??? None Partial None
CALDERA 2.7.0 allows XSS via the Operation Name box.
945 CVE-2020-14445 79 XSS 2020-06-18 2020-10-28
3.5
None Remote Medium ??? None Partial None
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface.
946 CVE-2020-14444 79 XSS 2020-06-18 2020-10-28
3.5
None Remote Medium ??? None Partial None
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface.
947 CVE-2020-14431 522 2020-06-18 2020-06-19
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
948 CVE-2020-14430 522 2020-06-18 2020-06-19
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
949 CVE-2020-14428 522 2020-06-18 2020-06-19
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
950 CVE-2020-14427 522 2020-06-18 2020-06-19
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.