Skip to main content
CVE-2014-1610 MEDIUM POC THREAT This Month

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.0%.

PHP File Upload Mediawiki
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
48.0%
Threat
4.1
CVE-2014-0793 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Komento
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-3090 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS N300
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3087 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS N900
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3084 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS F5D8236 4
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0835 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Qradar Security Information And Event Manager
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-1612 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mediatrix Voip Gateway 4402 Firmware Mediatrix Voip Gateway
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1611 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Anonymous Posting
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0836 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7303 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Spip
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1837 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Komento
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0837 MEDIUM This Month

The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy