Skip to main content
CVE-2017-15232 MEDIUM POC PATCH This Month

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libjpeg Turbo
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-15194 MEDIUM POC PATCH This Month

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Cacti
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-15266 MEDIUM POC PATCH This Month

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libextractor
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7352 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System >. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Purity
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2017-15188 MEDIUM POC This Month

A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-15215 MEDIUM PATCH This Month

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Shaarli
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-14372 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer Grc Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14371 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer Grc Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-8017 MEDIUM This Month

EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smarts Network Configuration Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14588 MEDIUM This Month

Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Crucible Fisheye
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15214 MEDIUM PATCH This Month

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Flyspray
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2017-15213 MEDIUM PATCH This Month

Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Flyspray
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-8016 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14370 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14587 MEDIUM This Month

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Crucible Fisheye
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-15198 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.7%
CVE-2017-15211 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15208 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15207 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15206 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15204 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15203 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15202 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15201 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15200 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15199 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15197 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15196 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15195 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15209 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-15212 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-15210 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-15205 MEDIUM PATCH This Month

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-14369 MEDIUM This Month

RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Archer Grc Platform
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy