Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2020
CVE-2020-12523
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource
CVSS Score
5.4
EPSS Score
0.004
Published
2020-12-17
CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-12-17
CVE-2020-20139
Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-12-17
CVE-2020-20140
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-12-17
CVE-2020-20141
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-12-17
CVE-2020-20142
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-12-17
CVE-2020-12517
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
CVSS Score
8.8
EPSS Score
0.006
Published
2020-12-17
CVE-2020-12518
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-12-17
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-12-17
CVE-2020-8465
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved