Skip to main content
CVE-2018-11195 MEDIUM POC This Month

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mahara
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-11656 MEDIUM POC This Month

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-11655 MEDIUM POC This Month

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-3755 MEDIUM POC This Month

XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sexstatic
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-3743 MEDIUM POC PATCH This Month

Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Hekto
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-11552 MEDIUM POC THREAT This Month

There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD
CVSS 3.0
6.1
EPSS
28.6%
CVE-2018-11628 MEDIUM POC This Month

Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ems Master Calendar
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.5%
CVE-2018-11486 MEDIUM POC This Month

An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advance Search For Woocommerce
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-11485 MEDIUM POC This Month

The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Woocommerce Quick Reports
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-11649 MEDIUM POC This Month

Hue 3.12 has XSS via the /pig/save/ name and script parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hue
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-3809 MEDIUM POC PATCH This Month

Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Serve
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-11581 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hl L2340D Firmware Hl L2380Dw Firmware
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.6%
CVE-2018-5526 MEDIUM This Month

Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Security Manager
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-8922 MEDIUM This Month

Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Drive Server
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-5521 MEDIUM This Month

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Application Acceleration Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-11651 MEDIUM PATCH This Month

Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Graylog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-11650 MEDIUM PATCH This Month

Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Graylog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-5522 MEDIUM This Month

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Application Acceleration Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2018-10382 MEDIUM PATCH This Month

MODX Revolution 2.6.3 has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Modx Revolution
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-7976 MEDIUM This Month

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Huawei Espace Desktop
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-8921 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Drive Server
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-5524 MEDIUM This Month

Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Acceleration Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +7
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-11645 MEDIUM PATCH This Month

psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript
NVD
CVSS 3.0
5.3
EPSS
2.6%
CVE-2018-5525 MEDIUM This Month

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Acceleration Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy