Skip to main content
CVE-2017-9813 MEDIUM POC This Month

In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.7%
CVE-2017-1000033 MEDIUM POC This Month

Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE WordPress Vospari Forms
NVD
CVSS 3.0
6.1
EPSS
2.5%
CVE-2017-9340 MEDIUM POC This Month

An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Owncloud
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-0196 MEDIUM PATCH This Month

An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.1%.

Microsoft Information Disclosure Edge
NVD GitHub
CVSS 3.0
6.5
EPSS
19.1%
CVE-2017-1000038 MEDIUM POC This Month

WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Relevanssi
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-1000043 MEDIUM POC PATCH This Month

Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mapbox Js
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-1000042 MEDIUM POC PATCH This Month

Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mapbox
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9609 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Blackcat Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
1.2%
CVE-2017-11128 MEDIUM POC This Month

Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-11127 MEDIUM POC This Month

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1000023 MEDIUM POC This Month

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Logicaldoc
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-3080 MEDIUM PATCH This Month

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2017-3100 MEDIUM PATCH This Month

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2017-11340 MEDIUM This Month

There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2017-11337 MEDIUM This Month

There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2017-11336 MEDIUM This Month

There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2017-11338 MEDIUM This Month

There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-3754 MEDIUM This Month

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Bios
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-11352 MEDIUM PATCH This Month

In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2017-8034 MEDIUM This Month

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Capi Release Cf Release Routing Release
NVD
CVSS 3.0
6.6
EPSS
0.5%
CVE-2017-2240 MEDIUM PATCH This Month

Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Apple Assetview
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-11339 MEDIUM This Month

There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Exiv2
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-2347 MEDIUM This Month

A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-6312 MEDIUM This Month

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apache Red Hat Enterprise Linux
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-11360 MEDIUM PATCH This Month

The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-7947 MEDIUM This Month

NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-1000027 MEDIUM This Month

Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Sme Server
NVD
CVSS 3.0
6.1
EPSS
2.1%
CVE-2017-2642 MEDIUM PATCH This Month

Moodle 3.x has user fullname disclosure on the user preferences page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-7532 MEDIUM PATCH This Month

In Moodle 3.x, course creators are able to change system default settings for courses. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Moodle
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-2241 MEDIUM PATCH This Month

SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Apple SQLi Assetview
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2017-3103 MEDIUM This Month

Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-7663 MEDIUM PATCH This Month

Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Openmeetings
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-1000006 MEDIUM PATCH This Month

Plotly, Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Plotly Js
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-3102 MEDIUM This Month

Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-1000015 MEDIUM PATCH This Month

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-0764 MEDIUM This Month

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Red Hat Information Disclosure Networkmanager
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2016-10398 MEDIUM This Month

Android 6.0 has an authentication bypass for attackers with root and physical access. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.0
6.2
EPSS
0.0%
CVE-2017-9934 MEDIUM This Month

Missing CSRF token checks and improper input validation in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Joomla
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8896 MEDIUM This Month

ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Owncloud
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-1000065 MEDIUM PATCH This Month

Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Openmediavault
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1000059 MEDIUM This Month

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Live Helper Chat
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1000078 MEDIUM This Month

Linux foundation ONOS 1.9 is vulnerable to XSS in the device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Onos
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-1000058 MEDIUM This Month

Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chevereto
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1000013 MEDIUM PATCH This Month

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000063 MEDIUM This Month

kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Kitto
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000054 MEDIUM This Month

Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000035 MEDIUM This Month

Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tiny Tiny Rss
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000012 MEDIUM This Month

MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mysqldumper
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000011 MEDIUM This Month

MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mywebsql
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000005 MEDIUM This Month

PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Phpminiadmin
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy