Skip to main content
CVE-2017-9085 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Insite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-16810 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Octopus Deploy
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-16239 MEDIUM PATCH This Month

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nova
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12624 MEDIUM PATCH This Month

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Apache Cxf
NVD
CVSS 3.0
5.5
EPSS
3.6%
CVE-2017-16815 MEDIUM This Month

installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Duplicator
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-9394 MEDIUM This Month

A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Identity Governance
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-10266 MEDIUM PATCH This Month

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Information Disclosure Tuxedo
NVD
CVSS 3.0
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy