By combining AI with human insight, the Armis Vulnerability Intelligence Database offers extended coverage of the vulnerabilities that matter to you and your industry, and provides clear remediation instructions.
CVE-2020-37044 | Medium Severity | Armis
CVE-2020-37044:
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"-->alert('Raif_Berkay') will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
Score
A numerical rating that indicates how dangerous this vulnerability is.
6.1 Medium
Published Date: Jan 30, 2026
CISA KEV Date: *No Data*
Industries Affected: 20
Threat Predictions
EPSS Score: 0.0
EPSS Percentile: 6%
Exploitability
Score: 2.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
Low
Mining
Utilities
Information
Construction
Retail Trade
Manufacturing
Wholesale Trade
Educational Services
Finance and Insurance
Public Administration
Real Estate Rental and Leasing
Transportation and Warehousing
Accommodation and Food Services
Health Care and Social Assistance
Arts, Entertainment, and Recreation
Management of Companies and Enterprises
Agriculture, Forestry, Fishing and Hunting
Other Services (except Public Administration)
Professional, Scientific, and Technical Services
Administrative and Support and Waste Management and Remediation Services