Skip to main content
CVE-2018-14840 MEDIUM POC PATCH This Month

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Subrion
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.7%
CVE-2018-14838 MEDIUM POC This Month

rejucms 2.1 has stored XSS via the admin/book.php content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rejucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10922 MEDIUM POC This Month

An input validation flaw exists in ttembed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ttembed
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-14835 MEDIUM POC PATCH This Month

Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Subrion Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10920 MEDIUM This Month

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Knot Resolver
NVD
CVSS 3.1
6.8
EPSS
3.2%
CVE-2018-3109 MEDIUM PATCH This Month

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Fusion Middleware
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-3108 MEDIUM PATCH This Month

Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Fusion Middleware
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-14836 MEDIUM This Month

Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Subrion Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-7649 MEDIUM This Month

Monitorix before 3.10.1 allows XSS via CGI variables. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Monitorix
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-8032 MEDIUM PATCH This Month

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Axis Agile Engineering Data Management Agile Product Lifecycle Management +35
NVD
CVSS 3.1
6.1
EPSS
10.6%
CVE-2018-8037 MEDIUM PATCH This Month

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Apache Information Disclosure Tomcat Debian Linux
NVD
CVSS 3.0
5.9
EPSS
12.1%
CVE-2018-14851 MEDIUM PATCH This Month

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow PHP Ubuntu Linux +2
NVD
CVSS 3.0
5.5
EPSS
4.3%
CVE-2018-1155 MEDIUM PATCH This Month

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Securitycenter
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1554 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-12448 MEDIUM This Month

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-2933 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.0
4.9
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy