Skip to main content
CVE-2018-12104 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Knowledge Repo
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-11647 MEDIUM PATCH This Month

index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oauth2Orize Fprm
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12329 MEDIUM This Month

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-10377 MEDIUM This Month

PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Burp Suite
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-12073 MEDIUM This Month

An issue was discovered on Eminent EM4544 9.10 devices. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

XSS Em4544
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-12337 MEDIUM This Month

Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2018-12332 MEDIUM This Month

Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy