Skip to main content
CVE-2017-16841 MEDIUM POC This Month

LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-16836 MEDIUM POC This Month

Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Arris Tg1682G Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-16843 MEDIUM POC This Month

Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vdv 23 Firmware
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-16842 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wordpress Seo
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-12305 MEDIUM This Month

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ip Phone 8800 Series Firmware
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2017-12313 MEDIUM This Month

An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Cisco Packet Tracer
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-12312 MEDIUM This Month

An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Cisco Advanced Malware Protection For Endpoints
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-16867 MEDIUM This Month

Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amazon Key Firmware
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-16866 MEDIUM PATCH This Month

dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12304 MEDIUM This Month

A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Cisco iOS
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12323 MEDIUM This Month

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Registered Envelope Service
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12322 MEDIUM This Month

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Email Encryption
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12321 MEDIUM This Month

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Registered Envelope Service
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12320 MEDIUM This Month

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Registered Envelope Service
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12292 MEDIUM This Month

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Email Encryption
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12291 MEDIUM This Month

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Email Encryption
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12290 MEDIUM This Month

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Email Encryption
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12315 MEDIUM This Month

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Hyperflex Hx Data Platform
NVD
CVSS 3.0
6.0
EPSS
0.1%
CVE-2017-12311 MEDIUM This Month

A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Meeting Server
NVD
CVSS 3.0
5.8
EPSS
0.8%
CVE-2017-12300 MEDIUM This Month

A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
0.2%
CVE-2017-12309 MEDIUM This Month

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Email Security Appliance Firmware
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2017-4930 MEDIUM PATCH This Month

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS VMware Airwatch
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-12303 MEDIUM This Month

A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-12299 MEDIUM This Month

A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firepower Extensible Operating System
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-0850 MEDIUM PATCH This Month

An information disclosure vulnerability in the Android media framework (libstagefright). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-0851 MEDIUM PATCH This Month

An information disclosure vulnerability in the Android media framework (libhevc). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-0849 MEDIUM PATCH This Month

An information disclosure vulnerability in the Android media framework (libavc). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-0848 MEDIUM PATCH This Month

An information disclosure vulnerability in the Android media framework (libeffects). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-11022 MEDIUM PATCH This Month

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-0860 MEDIUM This Month

An elevation of privilege vulnerability in the Android system (inputdispatcher). Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.0%
CVE-2017-12306 MEDIUM This Month

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Conference Director
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2017-12302 MEDIUM This Month

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-16560 MEDIUM This Month

SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Secureaccess
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy