Skip to main content
CVE-2017-6478 MEDIUM POC PATCH THREAT This Month

paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.1%.

XSS PHP Mangoswebv4
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
21.1%
CVE-2017-6445 HIGH POC This Week

The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Openelec
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-6492 HIGH POC This Week

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Admidio
NVD GitHub
CVSS 3.0
7.2
EPSS
0.5%
CVE-2017-6480 MEDIUM POC PATCH This Month

groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Cmsgroovel
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-6484 MEDIUM POC PATCH This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Inter Mediator
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-6483 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Atutor
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6481 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpipam
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6479 MEDIUM POC This Month

FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Fenix Open Source
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6486 MEDIUM POC PATCH This Month

A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Reasoncms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6491 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Epesi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-6490 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Epesi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-6489 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Epesi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-6488 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Epesi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-6487 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Epesi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-6485 MEDIUM This Month

A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Php Calendar
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6446 MEDIUM PATCH This Month

XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Dotclear
NVD
CVSS 3.0
6.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy