CVE-2020-9461

MEDIUM

Octech Oempro 4.7-4.11 - Authenticated Stored Cross-Site Scripting via Media.CreateFolder FolderName Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-9461. PoCs published by g-rubert.

AI-analyzed exploit summary: This repository provides a detailed technical summary of CVE-2020-9461, a stored XSS vulnerability in Octech Oempro versions 4.7 through 4.11. The vulnerability is triggered via the FolderName parameter in the Media.CreateFolder command, allowing authenticated users to inject malicious scripts.

Description

Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.

Exploits (2)

nomisec WRITEUP 2 stars
by g-rubert · poc
https://github.com/g-rubert/CVE-2020-9461

This repository provides a detailed technical summary of CVE-2020-9461, a stored XSS vulnerability in Octech Oempro versions 4.7 through 4.11. The vulnerability is triggered via the FolderName parameter in the Media.CreateFolder command, allowing authenticated users to inject malicious scripts.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Octech Oempro v4.7 to v4.11
Auth required
Prerequisites: Authenticated access to the Oempro application
devstral-2 · analyzed Feb 18, 2026

inthewild WRITEUP
poc
https://github.com/guilherme-rubert/cve-2020-9461

This repository provides a technical description of CVE-2020-9461, a stored XSS vulnerability in Octech Oempro versions 4.7 through 4.11. The vulnerability is triggered via the FolderName parameter in the Media.CreateFolder command, allowing an authenticated user to inject malicious scripts.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Octech Oempro v4.7 to v4.11
Auth required
Prerequisites: Authenticated user access to the Oempro application
devstral-2 · analyzed Feb 23, 2026

References (3)

Core References
Product x_refsource_misc
https://www.octeth.com/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Guilherme-Rubert/CVE-2020-9461
Exploit, Third Party Advisory x_refsource_misc
https://guilhermerubert.com/blog/cve-2020-9460/

Scores

CVSS v3 5.4
EPSS 0.0213
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
octech/oempro 4.7 - 4.11
Published Apr 14, 2020
Tracked Since Feb 18, 2026