CVEs from 2017

| Metric | Value |
|---|---|
| Total | 11,660 |
| Critical | 1,647 |
| High | 5,041 |
| Medium | 4,168 |
| Low | 159 |
| % Critical | 14.1% |
| % with KEV | 0.7% |
| % with exploit | 9.8% |
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15185 | medium | 5.0 | 5.0 | 9y ago | plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (… | |||
| CVE-2017-9649 | medium | 5.0 | 5.0 | 9y ago | A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1… | |||
| CVE-2017-6774 | medium | 5.0 | 5.0 | 9y ago | A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system fi… | |||
| CVE-2017-10221 | medium | 5.0 | 5.0 | 9y ago | Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulne… | |||
| CVE-2017-2245 | medium | 5.0 | 5.0 | 9y ago | Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2017-8475 | medium | 5.0 | 5.0 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specia… | |||
| CVE-2017-8474 | medium | 5.0 | 5.0 | 9y ago | The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an a… | |||
| CVE-2017-0297 | medium | 5.0 | 5.0 | 9y ago | The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an a… | |||
| CVE-2017-3475 | medium | 5.0 | 5.0 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 … | |||
| CVE-2017-6440 | medium | 5.0 | 5.0 | 9y ago | The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. | |||
| CVE-2017-6439 | medium | 5.0 | 5.0 | 9y ago | Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist fi… | |||
| CVE-2017-6437 | medium | 5.0 | 5.0 | 9y ago | The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file. | |||
| CVE-2017-6436 | medium | 5.0 | 5.0 | 9y ago | The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. | |||
| CVE-2017-6435 | medium | 5.0 | 5.0 | 9y ago | The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. | |||
| CVE-2017-17824 | medium | 4.9 | 4.9 | 9y ago | The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the … | |||
| CVE-2017-17823 | medium | 4.9 | 4.9 | 9y ago | The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a conne… | |||
| CVE-2017-17822 | medium | 4.9 | 4.9 | 9y ago | The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MyS… | |||
| CVE-2017-4942 | medium | 4.9 | 4.9 | 9y ago | VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administ… | |||
| CVE-2017-15053 | medium | 4.9 | 4.9 | 9y ago | TeamPass Improper Privilege Management | |||
| CVE-2017-15052 | medium | 4.9 | 4.9 | 9y ago | TeamPass Improper Privilege Management | |||
| CVE-2017-16946 | medium | 4.9 | 4.9 | 9y ago | The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | |||
| CVE-2017-16661 | medium | 4.9 | 4.9 | 9y ago | Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by file… | |||
| CVE-2017-14023 | medium | 4.9 | 4.9 | 9y ago | An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been i… | |||
| CVE-2017-1000145 | medium | 4.9 | 4.9 | 9y ago | Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disa… | |||
| CVE-2017-7083 | medium | 4.9 | 4.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwo… | |||
| CVE-2017-10320 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high p… | |||
| CVE-2017-10314 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable v… | |||
| CVE-2017-10313 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows… | |||
| CVE-2017-10311 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-10296 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-10294 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable v… | |||
| CVE-2017-10284 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability all… | |||
| CVE-2017-10279 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable v… | |||
| CVE-2017-10227 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable v… | |||
| CVE-2017-10165 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows h… | |||
| CVE-2017-9538 | medium | 4.9 | 4.9 | 9y ago | The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit… | |||
| CVE-2017-14601 | medium | 4.9 | 4.9 | 9y ago | Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | |||
| CVE-2017-14600 | medium | 4.9 | 4.9 | 9y ago | Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | |||
| CVE-2017-2254 | medium | 4.9 | 4.9 | 9y ago | Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input | |||
| CVE-2017-10841 | medium | 4.9 | 4.9 | 9y ago | Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2017-12077 | medium | 4.9 | 4.9 | 9y ago | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resourc… | |||
| CVE-2017-12076 | medium | 4.9 | 4.9 | 9y ago | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources… | |||
| CVE-2017-6777 | medium | 4.9 | 4.9 | 9y ago | A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to i… | |||
| CVE-2017-7737 | medium | 4.9 | 4.9 | 9y ago | An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | |||
| CVE-2017-3646 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privile… | |||
| CVE-2017-3645 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows hig… | |||
| CVE-2017-3644 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-3643 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-3642 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows hig… | |||
| CVE-2017-3641 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily… | |||
| CVE-2017-3640 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-3639 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high priv… | |||
| CVE-2017-3638 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows hig… | |||
| CVE-2017-12419 | medium | 4.9 | 4.9 | 9y ago | If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" sect… | |||
| CVE-2017-1495 | medium | 4.9 | 4.9 | 9y ago | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID… | |||
| CVE-2017-1370 | medium | 4.9 | 4.9 | 9y ago | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X… | |||
| CVE-2017-11183 | medium | 4.9 | 4.9 | 9y ago | front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. | |||
| CVE-2017-11440 | medium | 4.9 | 4.9 | 9y ago | In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | |||
| CVE-2017-11405 | medium | 4.9 | 4.9 | 9y ago | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/modu… | |||
| CVE-2017-11404 | medium | 4.9 | 4.9 | 9y ago | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | |||
| CVE-2017-8003 | medium | 4.9 | 4.9 | 9y ago | EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized informa… | |||
| CVE-2017-6690 | medium | 4.9 | 4.9 | 9y ago | A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite o… | |||
| CVE-2017-6668 | medium | 4.9 | 4.9 | 9y ago | Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbi… | |||
| CVE-2017-5966 | medium | 4.9 | 4.9 | 9y ago | Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | |||
| CVE-2017-6867 | medium | 4.9 | 4.9 | 9y ago | A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Pr… | |||
| CVE-2017-2117 | medium | 4.9 | 4.9 | 9y ago | Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | |||
| CVE-2017-3463 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 an… | |||
| CVE-2017-3462 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 an… | |||
| CVE-2017-3461 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 an… | |||
| CVE-2017-3460 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allo… | |||
| CVE-2017-3459 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows h… | |||
| CVE-2017-3458 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high pr… | |||
| CVE-2017-3457 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high pr… | |||
| CVE-2017-3456 | medium | 4.9 | 4.9 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily… | |||
| CVE-2017-3886 | medium | 4.9 | 4.9 | 9y ago | A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries,… | |||
| CVE-2017-6816 | medium | 4.9 | 4.9 | 9y ago | In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | |||
| CVE-2017-5573 | medium | 4.9 | 4.9 | 10y ago | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators. | |||
| CVE-2017-3277 | medium | 4.9 | 4.9 | 10y ago | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. E… | |||
| CVE-2017-3251 | medium | 4.9 | 4.9 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows hig… | |||
| CVE-2017-7400 | medium | 4.8 | 4.8 | 4y ago | OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | |||
| CVE-2017-17089 | medium | 4.8 | 4.8 | 9y ago | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | |||
| CVE-2017-17988 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | |||
| CVE-2017-17986 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | |||
| CVE-2017-17985 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | |||
| CVE-2017-17984 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | |||
| CVE-2017-17940 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | |||
| CVE-2017-17938 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | |||
| CVE-2017-16768 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | |||
| CVE-2017-17929 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | |||
| CVE-2017-17925 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | |||
| CVE-2017-17909 | medium | 4.8 | 4.8 | 9y ago | PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. | |||
| CVE-2017-17828 | medium | 4.8 | 4.8 | 9y ago | Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter. | |||
| CVE-2017-17825 | medium | 4.8 | 4.8 | 9y ago | The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit … | |||
| CVE-2017-17778 | medium | 4.8 | 4.8 | 9y ago | Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter. | |||
| CVE-2017-15890 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | |||
| CVE-2017-16789 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authent… | |||
| CVE-2017-14018 | medium | 4.8 | 4.8 | 9y ago | An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used b… | |||
| CVE-2017-13700 | medium | 4.8 | 4.8 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. | |||
| CVE-2017-1000213 | medium | 4.8 | 4.8 | 9y ago | WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | |||
| CVE-2017-16842 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script o… |