Skip to main content
CVE-2014-2908 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.0%.

XSS Siemens Simatic S7 Cpu 1200 Firmware Simatic S7 Cpu 1211C Simatic S7 Cpu 1212C +3
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
68.0%
Threat
4.4
CVE-2013-5954 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Revive Adserver Openx
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
3.3%
CVE-2013-4565 MEDIUM POC This Month

Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ppthtml
NVD VulDB
CVSS 2.0
6.8
EPSS
2.9%
CVE-2013-4726 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Cm3 Acora Content Management System
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4723 MEDIUM POC This Month

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Cm3 Acora Content Management System
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-4230 MEDIUM POC This Month

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Tinymce
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2025 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Ushahidi Platform
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5956 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Com Youtubegallery
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4722 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Cm3 Acora Content Management System
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2909 MEDIUM This Month

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Siemens Simatic S7 Cpu 1200 Firmware Simatic S7 Cpu 1211C +4
NVD VulDB
CVSS 2.0
5.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy