CVEs from 2017
- Total: 11,615
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11830 | medium | 5.3 | 6.3 | 9y ago | Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security f… | |||
| CVE-2017-12278 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resu… | |||
| CVE-2017-5071 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-15223 | medium | 5.3 | 6.3 | 9y ago | Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an in… | |||
| CVE-2017-10393 | medium | 6.3 | 6.3 | 9y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerab… | |||
| CVE-2017-10385 | medium | 6.3 | 6.3 | 9y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerab… | |||
| CVE-2017-10355 | medium | 5.3 | 6.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em… | |||
| CVE-2017-10163 | medium | 6.3 | 6.3 | 9y ago | Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, … | |||
| CVE-2017-10153 | medium | 6.3 | 6.3 | 9y ago | Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Gson)). Supported versions that are affected are 7.0, 7.1… | |||
| CVE-2017-14085 | medium | 5.3 | 6.3 | 9y ago | Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version a… | |||
| CVE-2017-1000091 | medium | 6.3 | 6.3 | 9y ago | Jenkins GitHub Branch Source Plugin vulnerable to Cross-Site Request Forgery | |||
| CVE-2017-7553 | medium | 6.3 | 6.3 | 9y ago | The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpo… | |||
| CVE-2017-14124 | medium | 6.3 | 6.3 | 9y ago | In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to… | |||
| CVE-2017-9978 | medium | 5.3 | 6.3 | 9y ago | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this infor… | |||
| CVE-2017-12847 | medium | 6.3 | 6.3 | 9y ago | Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-roo… | |||
| CVE-2017-6786 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affec… | |||
| CVE-2017-7936 | medium | 6.3 | 6.3 | 9y ago | A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus… | |||
| CVE-2017-11438 | medium | 6.3 | 6.3 | 9y ago | GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a … | |||
| CVE-2017-9493 | medium | 6.3 | 6.3 | 9y ago | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-t… | |||
| CVE-2017-9554 | medium | 5.3 | 6.3 | 9y ago | An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | |||
| CVE-2017-2241 | medium | 6.3 | 6.3 | 9y ago | SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | |||
| CVE-2017-3631 | medium | 5.3 | 6.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privilege… | |||
| CVE-2017-3630 | medium | 5.3 | 6.3 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low pri… | |||
| CVE-2017-8840 | medium | 5.3 | 6.3 | 9y ago | Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request t… | |||
| CVE-2017-7489 | medium | 6.3 | 6.3 | 9y ago | Moodle External blog editing takeover | |||
| CVE-2017-2100 | medium | 6.3 | 6.3 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | |||
| CVE-2017-2099 | medium | 6.3 | 6.3 | 9y ago | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. | |||
| CVE-2017-5044 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5038 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-6615 | medium | 6.3 | 6.3 | 9y ago | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnera… | |||
| CVE-2017-0882 | medium | 6.3 | 6.3 | 9y ago | Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on Mar… | |||
| CVE-2017-6805 | medium | 5.3 | 6.3 | 9y ago | Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | |||
| CVE-2017-0061 | medium | 5.3 | 6.3 | 9y ago | The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code i… | |||
| CVE-2017-6590 | medium | 6.3 | 6.3 | 9y ago | An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login s… | |||
| CVE-2017-5019 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5014 | medium | 6.3 | 6.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3291 | medium | 6.3 | 6.3 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. … | |||
| CVE-2017-5487 | medium | 5.3 | 6.3 | 10y ago | wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote… | |||
| CVE-2017-15529 | medium | 6.2 | 6.2 | 9y ago | Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device… | |||
| CVE-2017-15707 | medium | 6.2 | 6.2 | 9y ago | Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin | |||
| CVE-2017-8215 | medium | 6.2 | 6.2 | 9y ago | Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions ea… | |||
| CVE-2017-8214 | medium | 6.2 | 6.2 | 9y ago | Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions ea… | |||
| CVE-2017-10356 | medium | 6.2 | 6.2 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embe… | |||
| CVE-2017-10351 | medium | 6.2 | 6.2 | 9y ago | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.54, 8.55 and 8.56. Eas… | |||
| CVE-2017-10706 | medium | 6.2 | 6.2 | 9y ago | When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used. | |||
| CVE-2017-1304 | medium | 6.2 | 6.2 | 9y ago | IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users appl… | |||
| CVE-2017-6899 | medium | 6.2 | 6.2 | 9y ago | The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM device… | |||
| CVE-2017-2330 | medium | 6.2 | 6.2 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, … | |||
| CVE-2017-2329 | medium | 6.2 | 6.2 | 9y ago | An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certa… | |||
| CVE-2017-5137 | medium | 6.2 | 6.2 | 10y ago | An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. | |||
| CVE-2017-14850 | medium | 6.1 | 6.1 | 7y ago | All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with acc… | |||
| CVE-2017-7233 | medium | 6.1 | 6.1 | 8y ago | Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``dj… | |||
| CVE-2017-18006 | medium | 6.1 | 6.1 | 9y ago | netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | |||
| CVE-2017-12813 | medium | 6.1 | 6.1 | 9y ago | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | |||
| CVE-2017-12812 | medium | 6.1 | 6.1 | 9y ago | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | |||
| CVE-2017-12811 | medium | 6.1 | 6.1 | 9y ago | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | |||
| CVE-2017-12810 | medium | 6.1 | 6.1 | 9y ago | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | |||
| CVE-2017-17971 | medium | 6.1 | 6.1 | 9y ago | Dolibarr ERP and CRM contain XSS Vulnerability | |||
| CVE-2017-17933 | medium | 6.1 | 6.1 | 9y ago | cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. | |||
| CVE-2017-16876 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape t… | |||
| CVE-2017-17958 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. | |||
| CVE-2017-17956 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | |||
| CVE-2017-17955 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. | |||
| CVE-2017-17954 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | |||
| CVE-2017-17953 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | |||
| CVE-2017-17949 | medium | 6.1 | 6.1 | 9y ago | Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. | |||
| CVE-2017-17948 | medium | 6.1 | 6.1 | 9y ago | Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | |||
| CVE-2017-17937 | medium | 6.1 | 6.1 | 9y ago | Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | |||
| CVE-2017-17911 | medium | 6.1 | 6.1 | 9y ago | packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. | |||
| CVE-2017-17907 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. | |||
| CVE-2017-17896 | medium | 6.1 | 6.1 | 9y ago | Readymade Job Site Script has XSS via the keyword parameter to the /job URI. | |||
| CVE-2017-17893 | medium | 6.1 | 6.1 | 9y ago | Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. | |||
| CVE-2017-17869 | medium | 6.1 | 6.1 | 9y ago | The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. | |||
| CVE-2017-17868 | medium | 6.1 | 6.1 | 9y ago | In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | |||
| CVE-2017-17859 | medium | 6.1 | 6.1 | 9y ago | Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside X… | |||
| CVE-2017-17826 | medium | 6.1 | 6.1 | 9y ago | The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can e… | |||
| CVE-2017-1262 | medium | 6.1 | 6.1 | 9y ago | IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respo… | |||
| CVE-2017-4940 | medium | 6.1 | 6.1 | 9y ago | The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-sit… | |||
| CVE-2017-17792 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. | |||
| CVE-2017-17780 | medium | 6.1 | 6.1 | 9y ago | The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following Wo… | |||
| CVE-2017-17775 | medium | 6.1 | 6.1 | 9y ago | Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. | |||
| CVE-2017-17753 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (… | |||
| CVE-2017-17744 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advanceds… | |||
| CVE-2017-17719 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to inclu… | |||
| CVE-2017-16950 | medium | 6.1 | 6.1 | 9y ago | Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||
| CVE-2017-17714 | medium | 6.1 | 6.1 | 9y ago | Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /regi… | |||
| CVE-2017-14134 | medium | 6.1 | 6.1 | 9y ago | A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bou… | |||
| CVE-2017-14093 | medium | 6.1 | 6.1 | 9y ago | The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. | |||
| CVE-2017-17698 | medium | 6.1 | 6.1 | 9y ago | Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | |||
| CVE-2017-1558 | medium | 6.1 | 6.1 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remot… | |||
| CVE-2017-1421 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… | |||
| CVE-2017-17569 | medium | 6.1 | 6.1 | 9y ago | Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. | |||
| CVE-2017-16685 | medium | 6.1 | 6.1 | 9y ago | Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. | |||
| CVE-2017-16681 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. | |||
| CVE-2017-16679 | medium | 6.1 | 6.1 | 9y ago | URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45… | |||
| CVE-2017-16723 | medium | 6.1 | 6.1 | 9y ago | A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SER… | |||
| CVE-2017-11507 | medium | 6.1 | 6.1 | 9y ago | A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScrip… | |||
| CVE-2017-3109 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. | |||
| CVE-2017-11296 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | |||
| CVE-2017-11290 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect adminis… |