Skip to main content
CVE-2015-8831 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Dotclear
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2017-5591 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Sleekxmpp Slixmpp Poezio
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2017-5592 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Profanity
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2017-5590 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Chatsecure Zom
NVD GitHub
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-5606 MEDIUM POC This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Xabber
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2017-5603 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Jitsi
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5858 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Converse Js
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5605 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Movim
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5604 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Mcabber
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5602 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Jappix
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-5593 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Psi
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-5589 MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google Information Disclosure Bruno Yaxim
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-5634 MEDIUM This Month

The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Norwegian Air Kiosk
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2016-4987 MEDIUM PATCH This Month

Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jenkins Image Gallery
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2015-8936 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Squidguard
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4988 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Jenkins Build Failure Analyzer
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2017-5846 MEDIUM This Month

A out-of-bounds read vulnerability exists in GStreamer's ASF demuxer (gst-plugins-ugly) that allows remote attackers to trigger a denial of service by crafting malicious video files with specially crafted extended stream properties containing an invalid number of languages. GStreamer versions before 1.10.3 are affected, and the vulnerability is triggered through local user interaction with a malicious media file, resulting in application crashes due to invalid memory access. While EPSS scoring indicates relatively low exploitation probability (0.80%, 74th percentile), this is a straightforward denial of service with clear triggering mechanisms.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2017-5842 MEDIUM PATCH This Month

A out-of-bounds write vulnerability exists in the SAMI subtitle parser (samiparse.c) within GStreamer's gst-plugins-base library before version 1.10.3, triggered when processing maliciously crafted SMI subtitle files. The vulnerability allows remote attackers to cause a denial of service condition by crashing the application through memory corruption. With an EPSS score of 0.80% (74th percentile), patch availability from the vendor, and documented proof-of-concept files (OneNote_Manager.smi), this represents a low-to-moderate exploitation risk despite the moderate CVSS 5.5 score.

Denial Of Service Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-10198 MEDIUM PATCH This Month

An invalid memory read vulnerability exists in the gst_aac_parse_sink_setcaps function within GStreamer's AAC audio parser component (gst-plugins-good). Remote attackers can trigger a denial of service by providing a specially crafted AAC audio file, causing the application to crash. With an EPSS score of 0.76% (73rd percentile) and low attack complexity requiring only user interaction to open a malicious file, this vulnerability represents a moderate practical risk despite the moderate CVSS 5.5 score.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2017-5844 MEDIUM PATCH This Month

A floating point exception vulnerability exists in GStreamer's gst_riff_create_audio_caps function within gst-plugins-base versions prior to 1.10.3, allowing remote attackers to trigger a denial of service crash by supplying a specially crafted ASF (Advanced Systems Format) audio file. The vulnerability requires user interaction (file opening) but no elevated privileges, making it exploitable through common media playback scenarios. With an EPSS score of 0.72 (72nd percentile) and confirmed patch availability from the vendor, this represents a moderate real-world risk primarily affecting applications and systems that process untrusted media files.

Denial Of Service
NVD VulDB
CVSS 3.0
5.5
EPSS
0.7%
CVE-2017-5837 MEDIUM PATCH This Month

A floating-point exception vulnerability exists in the gst_riff_create_audio_caps function within GStreamer's gst-plugins-base library, allowing remote attackers to trigger a denial-of-service condition by crafting malicious video files. GStreamer versions before 1.10.3 are affected. The vulnerability has a moderate CVSS score of 5.5 but an EPSS percentile of 72%, indicating meaningful exploitation probability; a vendor patch is available.

Denial Of Service
NVD VulDB
CVSS 3.0
5.5
EPSS
0.7%
CVE-2016-3101 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Jenkins Extra Columns
NVD
CVSS 3.1
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy