libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System >. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.