Skip to main content
CVE-2017-16230 MEDIUM POC This Month

In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Typecho
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2012-5636 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Wicket
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2015-7549 MEDIUM This Month

The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qemu
NVD
CVSS 3.0
6.0
EPSS
0.1%
CVE-2017-1000255 MEDIUM This Month

On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-12460 MEDIUM This Month

An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Clickshare Csm 1 Firmware Clickshare Csc 1 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-15888 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Audio Station
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy