Skip to main content
CVE-2018-5550 MEDIUM POC THREAT This Month

Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Airprint
NVD
CVSS 3.0
6.1
EPSS
37.5%
CVE-2018-0512 MEDIUM This Month

Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Hdl Xr Firmware Hdl Xrw Firmware Hdl Xr2U Firmware Hdl Xr2Uw Firmware +41
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-0140 MEDIUM This Month

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Email Security Appliance Firmware Content Security Management Appliance
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2018-0513 MEDIUM PATCH This Month

Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Simple Booking
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-6834 MEDIUM PATCH This Month

static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Etherpad Lite
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0129 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Analytics Framework
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0128 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Analytics Framework
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0123 MEDIUM This Month

A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Apple iOS Ios Xe
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-6844 MEDIUM This Month

MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mybb
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6846 MEDIUM This Month

Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-0138 MEDIUM This Month

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-0134 MEDIUM This Month

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Mobility Services Engine
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2018-0119 MEDIUM This Month

A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Conference Director
NVD
CVSS 3.0
4.7
EPSS
1.0%
CVE-2018-0122 MEDIUM This Month

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Cisco Staros
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2018-0135 MEDIUM This Month

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-0120 MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Manager
NVD
CVSS 3.0
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy