CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9032 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLas… | |||
| CVE-2017-5868 | medium | 6.1 | 6.1 | 9y ago | CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibl… | |||
| CVE-2017-7288 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2174 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2171 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form t… | |||
| CVE-2017-2169 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2168 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web sc… | |||
| CVE-2017-9140 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers … | |||
| CVE-2017-2549 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2497 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger vi… | |||
| CVE-2017-6654 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)… | |||
| CVE-2017-9072 | medium | 6.1 | 6.1 | 9y ago | Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in… | |||
| CVE-2017-9068 | medium | 6.1 | 6.1 | 9y ago | MODX Revolution Reflected XSS | |||
| CVE-2017-9063 | medium | 6.1 | 6.1 | 9y ago | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | |||
| CVE-2017-9061 | medium | 6.1 | 6.1 | 9y ago | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filen… | |||
| CVE-2017-4011 | medium | 6.1 | 6.1 | 9y ago | Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of th… | |||
| CVE-2017-2164 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-8897 | medium | 6.1 | 6.1 | 9y ago | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF… | |||
| CVE-2017-8892 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | |||
| CVE-2017-3894 | medium | 6.1 | 6.1 | 9y ago | A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions… | |||
| CVE-2017-7887 | medium | 6.1 | 6.1 | 9y ago | Dolibarr ERP and CRM contain XSS Vulnerability | |||
| CVE-2017-8876 | medium | 6.1 | 6.1 | 9y ago | Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. | |||
| CVE-2017-8833 | medium | 6.1 | 6.1 | 9y ago | Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest… | |||
| CVE-2017-8832 | medium | 6.1 | 6.1 | 9y ago | Allen Disk 1.6 has XSS in the id parameter to downfile.php. | |||
| CVE-2017-8801 | medium | 6.1 | 6.1 | 9y ago | Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | |||
| CVE-2017-8795 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. | |||
| CVE-2017-8792 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. | |||
| CVE-2017-8791 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. | |||
| CVE-2017-8788 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. | |||
| CVE-2017-8760 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop spe… | |||
| CVE-2017-8304 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. | |||
| CVE-2017-8778 | medium | 6.1 | 6.1 | 9y ago | GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | |||
| CVE-2017-8763 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a… | |||
| CVE-2017-7430 | medium | 6.1 | 6.1 | 9y ago | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | |||
| CVE-2017-8384 | medium | 6.1 | 6.1 | 9y ago | Craft CMS XSS Vulnerability | |||
| CVE-2017-2151 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2147 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2136 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||
| CVE-2017-2135 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2134 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2124 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php. | |||
| CVE-2017-2123 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. | |||
| CVE-2017-2118 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2111 | medium | 6.1 | 6.1 | 9y ago | HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earl… | |||
| CVE-2017-2106 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-3008 | medium | 6.1 | 6.1 | 9y ago | Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability. | |||
| CVE-2017-3161 | medium | 6.1 | 6.1 | 9y ago | Improper Neutralization of Input During Web Page Generation in Apache Hadoop | |||
| CVE-2017-7987 | medium | 6.1 | 6.1 | 9y ago | In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. | |||
| CVE-2017-7986 | medium | 6.1 | 6.1 | 9y ago | In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. | |||
| CVE-2017-7985 | medium | 6.1 | 6.1 | 9y ago | In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | |||
| CVE-2017-7984 | medium | 6.1 | 6.1 | 9y ago | In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. | |||
| CVE-2017-5045 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3579 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… | |||
| CVE-2017-3573 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing). Supported versions that are affected are 5.4.0.x, 5.4.1.… | |||
| CVE-2017-3537 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Real-Time Scheduler component of Oracle Utilities Applications (subcomponent: Mobile Communications Platform). Supported versions that are affected are 2.2.0.3.13, 2.3.0.0… | |||
| CVE-2017-3532 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Retail Warehouse Management System component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 14.0 and 15.0. Easily "… | |||
| CVE-2017-3530 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, … | |||
| CVE-2017-3501 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.0, 10.1, 15.1 and 15.2. Easily "e… | |||
| CVE-2017-3496 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affect… | |||
| CVE-2017-8103 | medium | 6.1 | 6.1 | 9y ago | In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. | |||
| CVE-2017-7723 | medium | 6.1 | 6.1 | 9y ago | XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. | |||
| CVE-2017-5191 | medium | 6.1 | 6.1 | 9y ago | An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | |||
| CVE-2017-8085 | medium | 6.1 | 6.1 | 9y ago | In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | |||
| CVE-2017-7944 | medium | 6.1 | 6.1 | 9y ago | XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. | |||
| CVE-2017-8052 | medium | 6.1 | 6.1 | 9y ago | Craft CMS XSS Vulnerability | |||
| CVE-2017-7992 | medium | 6.1 | 6.1 | 9y ago | Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv pa… | |||
| CVE-2017-7409 | medium | 6.1 | 6.1 | 9y ago | Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. | |||
| CVE-2017-6611 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the w… | |||
| CVE-2017-5183 | medium | 6.1 | 6.1 | 9y ago | NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | |||
| CVE-2017-7897 | medium | 6.1 | 6.1 | 9y ago | MantisBT XSS via my_view_page.php and view_user_page.php | |||
| CVE-2017-7891 | medium | 6.1 | 6.1 | 9y ago | sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. | |||
| CVE-2017-7871 | medium | 6.1 | 6.1 | 9y ago | trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter). | |||
| CVE-2017-7626 | medium | 6.1 | 6.1 | 9y ago | The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method). | |||
| CVE-2017-3125 | medium | 6.1 | 6.1 | 9y ago | An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in F… | |||
| CVE-2017-7621 | medium | 6.1 | 6.1 | 9y ago | Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different… | |||
| CVE-2017-7591 | medium | 6.1 | 6.1 | 9y ago | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/us… | |||
| CVE-2017-7590 | medium | 6.1 | 6.1 | 9y ago | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | |||
| CVE-2017-7583 | medium | 6.1 | 6.1 | 9y ago | ILIAS before 5.2.3 has XSS via SVG documents. | |||
| CVE-2017-6604 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerab… | |||
| CVE-2017-3889 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vu… | |||
| CVE-2017-3848 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user … | |||
| CVE-2017-7579 | medium | 6.1 | 6.1 | 9y ago | inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | |||
| CVE-2017-7443 | medium | 6.1 | 6.1 | 9y ago | apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. | |||
| CVE-2017-7234 | medium | 6.1 | 6.1 | 9y ago | A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an ope… | |||
| CVE-2017-2475 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2393 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks vi… | |||
| CVE-2017-7391 | medium | 6.1 | 6.1 | 9y ago | Magmi XSS Vulnerability | |||
| CVE-2017-7390 | medium | 6.1 | 6.1 | 9y ago | SocialNetwork Cross-Site Scripting (XSS) vulnerability | |||
| CVE-2017-7389 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'ope… | |||
| CVE-2017-7388 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/re… | |||
| CVE-2017-7387 | medium | 6.1 | 6.1 | 9y ago | TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). | |||
| CVE-2017-7386 | medium | 6.1 | 6.1 | 9y ago | citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | |||
| CVE-2017-7363 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | |||
| CVE-2017-7362 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | |||
| CVE-2017-7361 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | |||
| CVE-2017-7360 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | |||
| CVE-2017-7359 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | |||
| CVE-2017-7320 | medium | 6.1 | 6.1 | 9y ago | setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a … | |||
| CVE-2017-2687 | medium | 6.1 | 6.1 | 9y ago | Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induc… | |||
| CVE-2017-1120 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… |