Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.