Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2020
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
CVSS Score
6.1
EPSS Score
0.016
Published
2020-12-17
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.
CVSS Score
6.1
EPSS Score
0.016
Published
2020-12-17
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
CVSS Score
8.8
EPSS Score
0.011
Published
2020-12-17
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
CVSS Score
5.5
EPSS Score
0.007
Published
2020-12-17
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
CVSS Score
7.5
EPSS Score
0.063
Published
2020-12-17
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
CVSS Score
9.8
EPSS Score
0.026
Published
2020-12-17
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
CVSS Score
9.8
EPSS Score
0.637
Published
2020-12-17
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
CVSS Score
4.8
EPSS Score
0.007
Published
2020-12-17
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
CVSS Score
8.8
EPSS Score
0.011
Published
2020-12-17
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
CVSS Score
4.8
EPSS Score
0.011
Published
2020-12-17


Contact Us

Shodan ® - All rights reserved