Skip to main content
CVE-2017-8879 MEDIUM POC This Month

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dolibarr Erp Crm
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2017-8875 MEDIUM POC This Month

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Clean Login
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-8892 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tempo Box
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7887 MEDIUM POC This Month

Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8877 MEDIUM This Month

ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rt Ac1750 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-8878 MEDIUM This Month

ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rt Ac1750 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-3894 MEDIUM This Month

A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Service Unified Endpoint Manager
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8876 MEDIUM PATCH This Month

Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Symphony
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2016-10371 MEDIUM This Month

The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtiff
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-8891 MEDIUM PATCH This Month

Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-6035 MEDIUM PATCH This Month

IBM Rational Quality Manager is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Team Concert Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-5888 MEDIUM PATCH This Month

IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Interact
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-3032 MEDIUM This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6037 MEDIUM PATCH This Month

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Team Concert Rational Quality Manager
NVD
CVSS 3.0
4.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy