The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in WeaselCMS v0.3.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Rincewind 0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.