Skip to main content
CVE-2017-8302 MEDIUM POC PATCH This Month

Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Muracms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-3008 MEDIUM PATCH This Month

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Coldfusion
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2017-8298 MEDIUM PATCH This Month

cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Canvas
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-8301 MEDIUM PATCH This Month

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Nginx Information Disclosure Libressl
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy