Skip to main content
CVE-2015-3897 MEDIUM POC THREAT This Month

Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.9%.

Path Traversal Bonita Bpm Portal
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
54.9%
Threat
4.1
CVE-2015-4659 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Clickheat
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-4140 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Wp Smiley
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4420 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Opsview
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.2%
CVE-2015-4661 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Symphony
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-4660 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Enhanced Sql Portal
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-4655 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Synology Diskstation Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-4656 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Synology PHP Photo Station
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3422 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Searchblox
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4587 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Cellpipe 7130 Router Firmware
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-2861 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Vesta Control Panel
NVD GitHub
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-4628 MEDIUM This Month

SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Limesurvey
NVD GitHub
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-4657 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mailbird
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy