Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.9% and no vendor patch available.
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.2% and no vendor patch available.
Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. Rated medium severity (CVSS 4.7). No vendor patch available.