Skip to main content
CVE-2017-10910 MEDIUM POC PATCH This Month

MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mqtt Js
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%
CVE-2015-7889 MEDIUM POC This Month

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Samsung Information Disclosure Android
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.3%
CVE-2017-17958 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17956 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17955 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17954 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17953 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17949 MEDIUM POC This Month

Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Blog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17948 MEDIUM POC This Month

Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17937 MEDIUM POC This Month

Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Marketplace Digital Products Php
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17940 MEDIUM POC This Month

PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Single Theater Booking Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-17938 MEDIUM POC This Month

PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Single Theater Booking Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-15886 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Chat
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-17967 MEDIUM This Month

pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Wps Office
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-15892 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Chat
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy