Skip to main content
CVE-2017-5673 MEDIUM POC This Month

In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kunena
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7222 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Mantisbt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7224 MEDIUM PATCH This Month

The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2014-9840 MEDIUM This Month

ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Imagemagick
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2014-9836 MEDIUM This Month

ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Imagemagick
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2014-9838 MEDIUM This Month

magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick
NVD
CVSS 3.0
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy