Skip to main content
CVE-2017-1000221 MEDIUM POC PATCH This Month

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Opencast
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1000224 MEDIUM POC This Month

CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Youtube
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1000163 MEDIUM POC This Month

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Phoenix
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2017-1000225 MEDIUM POC This Month

Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Relevanssi
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-1000236 MEDIUM POC This Month

I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS I Librarian
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2017-16819 MEDIUM POC This Month

A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rtc 1000 Firmware
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.1%
CVE-2017-1000164 MEDIUM POC This Month

Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Privilege Escalation Tine 2 0
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1000239 MEDIUM POC This Month

InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Invoiceplane
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1000227 MEDIUM POC This Month

Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Salutation
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1000226 MEDIUM POC This Month

Stop User Enumeration 1.3.8 allows user enumeration via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Stop User Enumeration
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-1000234 MEDIUM POC This Month

I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure I Librarian
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2017-1000168 MEDIUM PATCH This Month

sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sodiumoxide
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-4938 MEDIUM PATCH This Month

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service VMware Workstation Fusion
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-1000193 MEDIUM PATCH This Month

October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE October
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-16880 MEDIUM PATCH This Month

The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Whoops
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000188 MEDIUM PATCH This Month

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ejs
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-4929 MEDIUM PATCH This Month

VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS VMware Information Disclosure Nsx Edge
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000209 MEDIUM PATCH This Month

The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Nv Websocket Client
NVD GitHub
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-1000127 MEDIUM This Month

Exiv2 0.26 contains a heap buffer overflow in tiff parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-1000126 MEDIUM This Month

exiv2 0.26 contains a Stack out of bounds read in webp parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-1000128 MEDIUM This Month

Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-10888 MEDIUM This Month

BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Book Walker
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-16868 MEDIUM This Month

In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-15517 MEDIUM This Month

AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Altavault Ost Plug In
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000186 MEDIUM This Month

In SWFTools, a stack overflow was found in pdf2swf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000185 MEDIUM This Month

In SWFTools, a memcpy buffer overflow was found in gif2swf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000176 MEDIUM This Month

In SWFTools, a memcpy buffer overflow was found in swfc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000182 MEDIUM This Month

In SWFTools, a memory leak was found in wav2swf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000174 MEDIUM This Month

In SWFTools, an address access exception was found in swfdump swf_GetBits(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000201 MEDIUM PATCH This Month

The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Tcmu Runner
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1000160 MEDIUM This Month

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Expressionengine
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1000223 MEDIUM This Month

A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Modx Revolution
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-10886 MEDIUM This Month

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cs Cart Cs Cart Multivendor
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1000240 MEDIUM This Month

The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openemr
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-13702 MEDIUM This Month

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eds G512E Firmware
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-1000211 MEDIUM This Month

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Lynx
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1000246 MEDIUM PATCH This Month

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pysaml2
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-13700 MEDIUM This Month

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eds G512E Firmware
NVD
CVSS 3.0
4.8
EPSS
0.3%
CVE-2017-1000213 MEDIUM PATCH This Month

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Wbce Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-10890 MEDIUM This Month

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Rx V200 Firmware Rx V100 Firmware Rx Clv1 P Firmware +2
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2017-10889 MEDIUM This Month

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Tablepress
NVD
CVSS 3.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy