Skip to main content
CVE-2018-17051 MEDIUM POC This Month

K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cisco Cisco Configuration Manager
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-17049 MEDIUM POC This Month

CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cqu Lankers
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-17046 MEDIUM POC This Month

translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Translate Man
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17039 MEDIUM POC This Month

MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Minicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-17034 MEDIUM POC This Month

UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17031 MEDIUM POC PATCH This Month

In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gogs
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-17042 MEDIUM POC This Month

An issue has been found in dbf2txt through 2012-07-19. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dbf2Txt
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-16242 MEDIUM POC This Month

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Smart Locker Firmware Obike Stationless Bike Sharing
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2018-10763 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Synaman
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.7%
CVE-2018-17044 MEDIUM POC This Month

In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-11087 MEDIUM PATCH This Month

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure Spring Advanced Message Queuing Protocol Rabbitmq Java Client
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2018-1719 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.9
EPSS
2.4%
CVE-2018-1791 MEDIUM This Month

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.9
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy