CVEs from 2017
- Total: 11,615
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11289 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||
| CVE-2017-11288 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||
| CVE-2017-11287 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||
| CVE-2017-11482 | medium | 6.1 | 6.1 | 9y ago | The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an a… | |||
| CVE-2017-11481 | medium | 6.1 | 6.1 | 9y ago | Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions… | |||
| CVE-2017-10896 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Buffalo BBR-4HG and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspe… | |||
| CVE-2017-14386 | medium | 6.1 | 6.1 | 9y ago | The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vuln… | |||
| CVE-2017-17451 | medium | 6.1 | 6.1 | 9y ago | The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. | |||
| CVE-2017-17431 | medium | 6.1 | 6.1 | 9y ago | GeniXCMS XSS Vulnerability | |||
| CVE-2017-16856 | medium | 6.1 | 6.1 | 9y ago | The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties… | |||
| CVE-2017-16721 | medium | 6.1 | 6.1 | 9y ago | A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. | |||
| CVE-2017-17057 | medium | 6.1 | 6.1 | 9y ago | There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Pe… | |||
| CVE-2017-17096 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. | |||
| CVE-2017-14516 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | |||
| CVE-2017-3105 | medium | 6.1 | 6.1 | 9y ago | Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. | |||
| CVE-2017-3104 | medium | 6.1 | 6.1 | 9y ago | Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. | |||
| CVE-2017-11285 | medium | 6.1 | 6.1 | 9y ago | Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||
| CVE-2017-12366 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is… | |||
| CVE-2017-12356 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack… | |||
| CVE-2017-12347 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicio… | |||
| CVE-2017-12346 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicio… | |||
| CVE-2017-12344 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicio… | |||
| CVE-2017-14197 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins. | |||
| CVE-2017-17059 | medium | 6.1 | 6.1 | 9y ago | XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. | |||
| CVE-2017-17043 | medium | 6.1 | 6.1 | 9y ago | The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filt… | |||
| CVE-2017-15100 | medium | 6.1 | 6.1 | 9y ago | An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends… | |||
| CVE-2017-8044 | medium | 6.1 | 6.1 | 9y ago | In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading… | |||
| CVE-2017-16956 | medium | 6.1 | 6.1 | 9y ago | b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. | |||
| CVE-2017-8182 | medium | 6.1 | 6.1 | 9y ago | MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has an out-of-bound read vulnerability. An attacker tricks a user in… | |||
| CVE-2017-8139 | medium | 6.1 | 6.1 | 9y ago | HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to int… | |||
| CVE-2017-8127 | medium | 6.1 | 6.1 | 9y ago | The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | |||
| CVE-2017-8125 | medium | 6.1 | 6.1 | 9y ago | The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch X… | |||
| CVE-2017-16904 | medium | 6.1 | 6.1 | 9y ago | The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator. | |||
| CVE-2017-16881 | medium | 6.1 | 6.1 | 9y ago | b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor… | |||
| CVE-2017-14077 | medium | 6.1 | 6.1 | 9y ago | Securimage HTML Injection | |||
| CVE-2017-16880 | medium | 6.1 | 6.1 | 9y ago | filp whoops Cross-site Scripting vulnerability | |||
| CVE-2017-1000163 | medium | 6.1 | 6.1 | 9y ago | Phoenix Arbitrary URL Redirect | |||
| CVE-2017-4929 | medium | 6.1 | 6.1 | 9y ago | VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. | |||
| CVE-2017-1000225 | medium | 6.1 | 6.1 | 9y ago | Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can | |||
| CVE-2017-1000188 | medium | 6.1 | 6.1 | 9y ago | nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection | |||
| CVE-2017-1000193 | medium | 6.1 | 6.1 | 9y ago | October CMS XSS | |||
| CVE-2017-16866 | medium | 6.1 | 6.1 | 9y ago | dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. | |||
| CVE-2017-12323 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12322 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12321 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12320 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12304 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack… | |||
| CVE-2017-12292 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12291 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12290 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-8811 | medium | 6.1 | 6.1 | 9y ago | The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. | |||
| CVE-2017-8808 | medium | 6.1 | 6.1 | 9y ago | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | |||
| CVE-2017-12738 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected … | |||
| CVE-2017-11863 | medium | 6.1 | 6.1 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious c… | |||
| CVE-2017-16815 | medium | 6.1 | 6.1 | 9y ago | installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/… | |||
| CVE-2017-9085 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/Diagnos… | |||
| CVE-2017-7739 | medium | 6.1 | 6.1 | 9y ago | A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject… | |||
| CVE-2017-13819 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers … | |||
| CVE-2017-16785 | medium | 6.1 | 6.1 | 9y ago | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | |||
| CVE-2017-16784 | medium | 6.1 | 6.1 | 9y ago | In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | |||
| CVE-2017-16782 | medium | 6.1 | 6.1 | 9y ago | In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. | |||
| CVE-2017-16765 | medium | 6.1 | 6.1 | 9y ago | XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. | |||
| CVE-2017-16761 | medium | 6.1 | 6.1 | 9y ago | An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | |||
| CVE-2017-16760 | medium | 6.1 | 6.1 | 9y ago | Inedo BuildMaster before 5.8.2 has XSS. | |||
| CVE-2017-16792 | medium | 6.1 | 6.1 | 9y ago | Geminabox contains Cross-site Scripting | |||
| CVE-2017-16665 | medium | 6.1 | 6.1 | 9y ago | RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL. | |||
| CVE-2017-7425 | medium | 6.1 | 6.1 | 9y ago | Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. | |||
| CVE-2017-12283 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user con… | |||
| CVE-2017-12282 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to ca… | |||
| CVE-2017-14358 | medium | 6.1 | 6.1 | 9y ago | A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited r… | |||
| CVE-2017-14357 | medium | 6.1 | 6.1 | 9y ago | A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could … | |||
| CVE-2017-14373 | medium | 6.1 | 6.1 | 9y ago | EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||
| CVE-2017-7733 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redi… | |||
| CVE-2017-5085 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5069 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-1521 | medium | 6.1 | 6.1 | 9y ago | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arb… | |||
| CVE-2017-7732 | medium | 6.1 | 6.1 | 9y ago | A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attack… | |||
| CVE-2017-15885 | medium | 6.1 | 6.1 | 9y ago | Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE:… | |||
| CVE-2017-15867 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (… | |||
| CVE-2017-15863 | medium | 6.1 | 6.1 | 9y ago | Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. | |||
| CVE-2017-15812 | medium | 6.1 | 6.1 | 9y ago | The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel. | |||
| CVE-2017-15810 | medium | 6.1 | 6.1 | 9y ago | The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php. | |||
| CVE-2017-15809 | medium | 6.1 | 6.1 | 9y ago | In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. | |||
| CVE-2017-15380 | medium | 6.1 | 6.1 | 9y ago | XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | |||
| CVE-2017-7109 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |||
| CVE-2017-15736 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to … | |||
| CVE-2017-15648 | medium | 6.1 | 6.1 | 9y ago | In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. | |||
| CVE-2017-10406 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easil… | |||
| CVE-2017-10397 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). The supported version that is affected is 9.0.2.0. Easily … | |||
| CVE-2017-10381 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easil… | |||
| CVE-2017-10368 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Supported versions that are affected are 9.1.00 and 9.2.… | |||
| CVE-2017-10327 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable … | |||
| CVE-2017-10315 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows un… | |||
| CVE-2017-10302 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows un… | |||
| CVE-2017-10293 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows … | |||
| CVE-2017-10159 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP). Supported versions that are affected are 11.5 and 12.x. Easil… | |||
| CVE-2017-10158 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable v… | |||
| CVE-2017-10055 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). The supported version that is affected is 7.0. Easily exploitable … | |||
| CVE-2017-15612 | medium | 6.1 | 6.1 | 9y ago | mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | |||
| CVE-2017-12298 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is… |