Skip to main content
CVE-2018-14906 MEDIUM POC This Month

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 3Cx Web Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14905 MEDIUM POC This Month

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 3Cx Web Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14904 MEDIUM POC This Month

Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14504 MEDIUM POC PATCH This Month

An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-14574 MEDIUM POC PATCH THREAT This Month

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Open Redirect Django Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.1
EPSS
25.5%
CVE-2018-14876 MEDIUM POC This Month

An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flif
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-12607 MEDIUM POC This Month

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-12606 MEDIUM POC This Month

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-12605 MEDIUM POC This Month

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14877 MEDIUM POC This Month

An issue was discovered in WeaselCMS v0.3.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Weaselcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-14873 MEDIUM POC This Month

An issue was discovered in Rincewind 0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rincewind
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-14907 MEDIUM POC This Month

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 3Cx Web Server
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-12989 MEDIUM This Month

The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Console 8 Iqsystem 7
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-14773 MEDIUM PATCH This Month

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Symfony Debian Linux Drupal
NVD GitHub
CVSS 3.1
6.5
EPSS
58.1%
CVE-2018-5489 MEDIUM This Month

NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass 7 Mode Transition Tool
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-14929 MEDIUM This Month

Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Banco
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14924 MEDIUM This Month

Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Banco
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13055 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS RCE PHP Mantisbt
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-6590 MEDIUM This Month

CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ca Api Developer Portal
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-14927 MEDIUM This Month

Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Banco
NVD
CVSS 3.0
5.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy