Skip to main content
CVE-2015-5075 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP X2Crm
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-5076 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP X2Crm
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-7337 MEDIUM PATCH This Month

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Notebook
NVD GitHub
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-0852 MEDIUM PATCH This Month

Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Freeimage
NVD
CVSS 2.0
5.0
EPSS
2.2%
CVE-2015-5442 MEDIUM This Month

Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Software Update
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-7604 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Splunk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-7320 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress PHP Appointment Booking Calendar
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0299 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Source Point Of Sale
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-5711 MEDIUM This Month

TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Managed File Transfer Internet Server Vault Managed File Transfer Command Center +1
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy