CVE-2020-9460

MEDIUM

Oempro 4.7-4.11 - Authenticated Cross-Site Scripting via CampaignName Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-9460. PoCs published by g-rubert.

AI-analyzed exploit summary: This repository provides a technical writeup for CVE-2020-9460, detailing an XSS vulnerability in Octech Oempro versions 4.7 through 4.11. The vulnerability is triggered via the CampaignName parameter in the Campaign.Create function, with a provided payload example.

Description

Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.

Exploits (2)

nomisec WRITEUP 1 star
by g-rubert · poc
https://github.com/g-rubert/CVE-2020-9460

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Octech Oempro v4.7 to v4.11
Auth required
Prerequisites: Authenticated user access to the Oempro application
devstral-2 · analyzed Feb 18, 2026

inthewild WRITEUP
poc
https://github.com/guilherme-rubert/cve-2020-9460

This repository provides a technical writeup for CVE-2020-9460, detailing an XSS vulnerability in Octech Oempro versions 4.7 through 4.11. The vulnerability occurs in the CampaignName parameter of the Campaign.Create function and includes a payload example.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Octech Oempro v4.7 to v4.11
Auth required
Prerequisites: Authenticated user access
devstral-2 · analyzed Feb 23, 2026

References (3)

Product (x_refsource_misc): https://www.octeth.com/
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/Guilherme-Rubert/CVE-2020-9460
Exploit, Third Party Advisory (x_refsource_misc): https://guilhermerubert.com/blog/cve-2020-9461/

Scores

CVSS v3: 5.4
EPSS: 0.0213
EPSS Percentile: 84.6%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): octech/oempro 4.7 - 4.11
Published: Apr 14, 2020
Tracked Since: Feb 18, 2026