CVEs from 2017
Total
11,651
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5004 | medium | 5.4 | 5.4 | 9y ago | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… | |||
| CVE-2017-1140 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… | |||
| CVE-2017-1305 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … | |||
| CVE-2017-9448 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in co… | |||
| CVE-2017-9331 | medium | 5.4 | 5.4 | 9y ago | The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers t… | |||
| CVE-2017-9298 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | |||
| CVE-2017-9249 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is… | |||
| CVE-2017-1291 | medium | 5.4 | 5.4 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return … | |||
| CVE-2017-5870 | medium | 5.4 | 5.4 | 9y ago | ViMbAdmin Cross-site Scripting Vulnerabilities | |||
| CVE-2017-1320 | medium | 5.4 | 5.4 | 9y ago | IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… | |||
| CVE-2017-1282 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali… | |||
| CVE-2017-1159 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remo… | |||
| CVE-2017-2173 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-4978 | medium | 5.4 | 5.4 | 9y ago | EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to com… | |||
| CVE-2017-9070 | medium | 5.4 | 5.4 | 9y ago | MODX Revolution cross-site scripting vulnerability | |||
| CVE-2017-2122 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-0255 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability… | |||
| CVE-2017-0893 | medium | 5.4 | 5.4 | 9y ago | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour cha… | |||
| CVE-2017-0891 | medium | 5.4 | 5.4 | 9y ago | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | |||
| CVE-2017-0890 | medium | 5.4 | 5.4 | 9y ago | Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the s… | |||
| CVE-2017-6029 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. | |||
| CVE-2017-8762 | medium | 5.4 | 5.4 | 9y ago | GeniXCMS Cross-site Scripting (XSS) | |||
| CVE-2017-8376 | medium | 5.4 | 5.4 | 9y ago | GeniXCMS Cross-site Scripting (XSS) | |||
| CVE-2017-2148 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2127 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2114 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2092 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-8302 | medium | 5.4 | 5.4 | 9y ago | Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/vie… | |||
| CVE-2017-8298 | medium | 5.4 | 5.4 | 9y ago | Canvs Canvas Cross-site Scripting (XSS) via title and content fields | |||
| CVE-2017-3569 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Business Events). Supported versions that are affected are 5.4.0.x,… | |||
| CVE-2017-3515 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: User Name/Password Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5… | |||
| CVE-2017-3492 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affect… | |||
| CVE-2017-3489 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Security Management System). Supported versions that are affected are 12.0.1… | |||
| CVE-2017-3484 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are… | |||
| CVE-2017-3482 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.0, 12.0.1, 12.… | |||
| CVE-2017-3479 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 … | |||
| CVE-2017-3478 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Eas… | |||
| CVE-2017-3455 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerabili… | |||
| CVE-2017-3451 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). Supported versions that are affected are 4.0, 5.0, 5.1, 5.3, 6.0,6.1, 15.0 and 1… | |||
| CVE-2017-3304 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5… | |||
| CVE-2017-3288 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3… | |||
| CVE-2017-8102 | medium | 5.4 | 5.4 | 9y ago | Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xss… | |||
| CVE-2017-6618 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerab… | |||
| CVE-2017-6617 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to … | |||
| CVE-2017-1160 | medium | 5.4 | 5.4 | 9y ago | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI t… | |||
| CVE-2017-7188 | medium | 5.4 | 5.4 | 9y ago | Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. | |||
| CVE-2017-0195 | medium | 5.4 | 5.4 | 9y ago | Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office O… | |||
| CVE-2017-0184 | medium | 5.4 | 5.4 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Se… | |||
| CVE-2017-0178 | medium | 5.4 | 5.4 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails… | |||
| CVE-2017-0169 | medium | 5.4 | 5.4 | 9y ago | An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input fro… | |||
| CVE-2017-3888 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack ag… | |||
| CVE-2017-5900 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 paramete… | |||
| CVE-2017-7298 | medium | 5.4 | 5.4 | 9y ago | Moodle Cross-site Scripting in the Course summary filter of the Add a new course | |||
| CVE-2017-6864 | medium | 5.4 | 5.4 | 9y ago | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | |||
| CVE-2017-6878 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | |||
| CVE-2017-7257 | medium | 5.4 | 5.4 | 9y ago | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. | |||
| CVE-2017-7256 | medium | 5.4 | 5.4 | 9y ago | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. | |||
| CVE-2017-7255 | medium | 5.4 | 5.4 | 9y ago | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. | |||
| CVE-2017-1146 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… | |||
| CVE-2017-3874 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Informati… | |||
| CVE-2017-3869 | medium | 5.4 | 5.4 | 9y ago | An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. T… | |||
| CVE-2017-0099 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allo… | |||
| CVE-2017-0098 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V … | |||
| CVE-2017-0097 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest O… | |||
| CVE-2017-0076 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest O… | |||
| CVE-2017-0074 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest O… | |||
| CVE-2017-0051 | medium | 5.4 | 5.4 | 9y ago | Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of… | |||
| CVE-2017-5584 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated u… | |||
| CVE-2017-6817 | medium | 5.4 | 5.4 | 9y ago | In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | |||
| CVE-2017-6814 | medium | 5.4 | 5.4 | 9y ago | In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortco… | |||
| CVE-2017-6556 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings … | |||
| CVE-2017-6555 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description paramet… | |||
| CVE-2017-1133 | medium | 5.4 | 5.4 | 9y ago | IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to … | |||
| CVE-2017-5832 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | |||
| CVE-2017-3847 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-5998 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name paramete… | |||
| CVE-2017-1121 | medium | 5.4 | 5.4 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-3902 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing … | |||
| CVE-2017-1128 | medium | 5.4 | 5.4 | 9y ago | IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-1127 | medium | 5.4 | 5.4 | 9y ago | IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … | |||
| CVE-2017-5875 | medium | 5.4 | 5.4 | 9y ago | XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | |||
| CVE-2017-3810 | medium | 5.4 | 5.4 | 10y ago | A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected s… | |||
| CVE-2017-3799 | medium | 5.4 | 5.4 | 10y ago | A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T2… | |||
| CVE-2017-3795 | medium | 5.4 | 5.4 | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. K… | |||
| CVE-2017-5553 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a jav… | |||
| CVE-2017-5515 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | |||
| CVE-2017-5494 | medium | 5.4 | 5.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (… | |||
| CVE-2017-5179 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-0360 | medium | 5.3 | 5.3 | 4y ago | file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerabil… | |||
| CVE-2017-17927 | medium | 5.3 | 5.3 | 9y ago | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | |||
| CVE-2017-17926 | medium | 5.3 | 5.3 | 9y ago | PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | |||
| CVE-2017-17924 | medium | 5.3 | 5.3 | 9y ago | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | |||
| CVE-2017-1698 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. | |||
| CVE-2017-16735 | medium | 5.3 | 5.3 | 9y ago | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | |||
| CVE-2017-16733 | medium | 5.3 | 5.3 | 9y ago | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information … | |||
| CVE-2017-1423 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. | |||
| CVE-2017-17776 | medium | 5.3 | 5.3 | 9y ago | Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. | |||
| CVE-2017-10905 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. | |||
| CVE-2017-11919 | medium | 5.3 | 5.3 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows … | |||
| CVE-2017-11887 | medium | 5.3 | 5.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows … |