Skip to main content
CVE-2017-7359 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7363 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7362 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7361 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7360 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7309 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
4.8
EPSS
2.5%
CVE-2017-7241 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
4.8
EPSS
0.8%
CVE-2017-6973 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2017-1154 MEDIUM PATCH This Month

IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Algo One
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-6209 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nagios. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nagios
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-9990 MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9319 MEDIUM PATCH This Month

There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Trend Micro Information Disclosure Mobile Security
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-8935 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lms
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6036 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6031 MEDIUM PATCH This Month

IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6022 MEDIUM PATCH This Month

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1171 MEDIUM PATCH This Month

The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy