Skip to main content
CVE-2017-9554 MEDIUM POC THREAT This Month

An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.9%.

Synology Information Disclosure Diskstation Manager
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
57.9%
Threat
4.3
CVE-2017-11586 MEDIUM POC This Month

dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
6.6%
CVE-2017-11327 MEDIUM POC This Month

An issue was discovered in Tilde CMS 1.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Tilde Cms
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-11593 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Google Markdown Preview Plus Chrome
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-10711 MEDIUM POC This Month

In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF PHP Simplerisk
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11581 MEDIUM POC This Month

dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11594 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Loomio
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-11608 MEDIUM This Month

There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libsass
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-11605 MEDIUM This Month

There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libsass
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1380 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-8975 MEDIUM PATCH This Month

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rhapsody Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6118 MEDIUM PATCH This Month

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Strategic Supply Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1249 MEDIUM PATCH This Month

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rhapsody Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1245 MEDIUM PATCH This Month

IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Software Architect Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1287 MEDIUM PATCH This Month

IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Rhapsody Design Manager
NVD
CVSS 3.0
5.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy