CVEs from 2017
Total
11,615
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1427 | medium | 6.1 | 6.1 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2017-1195 | medium | 6.1 | 6.1 | 9y ago | IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafte… | |||
| CVE-2017-3155 | medium | 6.1 | 6.1 | 9y ago | Cross-site Scripting in Apache Atlas | |||
| CVE-2017-3153 | medium | 6.1 | 6.1 | 9y ago | Cross-site Scripting in Apache Atlas | |||
| CVE-2017-3152 | medium | 6.1 | 6.1 | 9y ago | Cross-site Scripting in Apache Atlas | |||
| CVE-2017-3151 | medium | 6.1 | 6.1 | 9y ago | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. | |||
| CVE-2017-3150 | medium | 6.1 | 6.1 | 9y ago | Insecure cookie storage in Apache Atlas | |||
| CVE-2017-12856 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. | |||
| CVE-2017-2257 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. | |||
| CVE-2017-1489 | medium | 6.1 | 6.1 | 9y ago | IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an… | |||
| CVE-2017-10840 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-10838 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-10837 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-13697 | medium | 6.1 | 6.1 | 9y ago | controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. | |||
| CVE-2017-13671 | medium | 6.1 | 6.1 | 9y ago | app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisati… | |||
| CVE-2017-9506 | medium | 6.1 | 6.1 | 9y ago | The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network… | |||
| CVE-2017-13138 | medium | 6.1 | 6.1 | 9y ago | DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | |||
| CVE-2017-7421 | medium | 6.1 | 6.1 | 9y ago | Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micr… | |||
| CVE-2017-12980 | medium | 6.1 | 6.1 | 9y ago | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-co… | |||
| CVE-2017-12979 | medium | 6.1 | 6.1 | 9y ago | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger Ja… | |||
| CVE-2017-12948 | medium | 6.1 | 6.1 | 9y ago | Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. | |||
| CVE-2017-9816 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-12680 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. | |||
| CVE-2017-12927 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | |||
| CVE-2017-6788 | medium | 6.1 | 6.1 | 9y ago | The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) a… | |||
| CVE-2017-6776 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the we… | |||
| CVE-2017-12907 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. | |||
| CVE-2017-9802 | medium | 6.1 | 6.1 | 9y ago | Improper Neutralization of Input During Web Page Generation Apache Sling Servlets Post | |||
| CVE-2017-12798 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php. | |||
| CVE-2017-12777 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php. | |||
| CVE-2017-8642 | medium | 6.1 | 6.1 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation o… | |||
| CVE-2017-10258 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Add New Image). The supported version that is affected is 9.1.0. Easily exploita… | |||
| CVE-2017-10257 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Browse Folder Hierarchy). The supported version that is affected is 9.1.0. Easil… | |||
| CVE-2017-10256 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1.0. Easily exploit… | |||
| CVE-2017-10255 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1.0. Easily exploit… | |||
| CVE-2017-10253 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pivot Grid). Supported versions that are affected are 8.54 and 8.55. Easily exploitable v… | |||
| CVE-2017-10249 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily explo… | |||
| CVE-2017-10248 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1.0. Easily exploit… | |||
| CVE-2017-10247 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable … | |||
| CVE-2017-10215 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_DEFN_CATG). The supported version that is affected is 9.1.0. Easily exploi… | |||
| CVE-2017-10211 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability all… | |||
| CVE-2017-10178 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Ea… | |||
| CVE-2017-10172 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.… | |||
| CVE-2017-10128 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploi… | |||
| CVE-2017-10126 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable … | |||
| CVE-2017-10121 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily explo… | |||
| CVE-2017-10106 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulne… | |||
| CVE-2017-10100 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable … | |||
| CVE-2017-10097 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easil… | |||
| CVE-2017-10092 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10083 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-10082 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10080 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10079 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Hospitality Suites Management component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 3.7. Easily exploitable vulnerab… | |||
| CVE-2017-10070 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Maintenance Folders). The supported version that is affected is 9.1.0. Easily ex… | |||
| CVE-2017-10064 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploi… | |||
| CVE-2017-10052 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PCMServlet). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerab… | |||
| CVE-2017-10049 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM (subcomponent: Search). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthentic… | |||
| CVE-2017-10021 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.54 and 8.55. Easily exploitable v… | |||
| CVE-2017-10017 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workcenter). Supported versions that are affected are 8.54 and 8.55. Easily exploitable v… | |||
| CVE-2017-10005 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |||
| CVE-2017-12677 | medium | 6.1 | 6.1 | 9y ago | IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the Iden… | |||
| CVE-2017-12655 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action. | |||
| CVE-2017-12649 | medium | 6.1 | 6.1 | 9y ago | Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display | |||
| CVE-2017-12648 | medium | 6.1 | 6.1 | 9y ago | Liferay Portal XSS Vulnerability | |||
| CVE-2017-12647 | medium | 6.1 | 6.1 | 9y ago | Liferay Portal Vulnerable to XSS via a Knowledge Base Article Title | |||
| CVE-2017-12646 | medium | 6.1 | 6.1 | 9y ago | Liferay Portal XSS Vulnerability | |||
| CVE-2017-12645 | medium | 6.1 | 6.1 | 9y ago | Liferay Portal Vulnerable to XSS via an Invalid portletId | |||
| CVE-2017-6765 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripti… | |||
| CVE-2017-6762 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS… | |||
| CVE-2017-6761 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a use… | |||
| CVE-2017-12583 | medium | 6.1 | 6.1 | 9y ago | DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. | |||
| CVE-2017-12413 | medium | 6.1 | 6.1 | 9y ago | AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. | |||
| CVE-2017-1327 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2017-9467 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote… | |||
| CVE-2017-9459 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attacke… | |||
| CVE-2017-9244 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Car… | |||
| CVE-2017-2285 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2284 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-12200 | medium | 6.1 | 6.1 | 9y ago | The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. | |||
| CVE-2017-12139 | medium | 6.1 | 6.1 | 9y ago | XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. | |||
| CVE-2017-12138 | medium | 6.1 | 6.1 | 9y ago | XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | |||
| CVE-2017-1500 | medium | 6.1 | 6.1 | 9y ago | A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parame… | |||
| CVE-2017-12062 | medium | 6.1 | 6.1 | 9y ago | MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php | |||
| CVE-2017-12061 | medium | 6.1 | 6.1 | 9y ago | MantisBT XSS allows unsanitized input via admin/install.php | |||
| CVE-2017-12131 | medium | 6.1 | 6.1 | 9y ago | The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excer… | |||
| CVE-2017-12068 | medium | 6.1 | 6.1 | 9y ago | The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action. | |||
| CVE-2017-11727 | medium | 6.1 | 6.1 | 9y ago | services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafte… | |||
| CVE-2017-1332 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2017-1303 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri… | |||
| CVE-2017-11744 | medium | 6.1 | 6.1 | 9y ago | In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when t… | |||
| CVE-2017-11737 | medium | 6.1 | 6.1 | 9y ago | interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page. | |||
| CVE-2017-6259 | medium | 6.1 | 6.1 | 9y ago | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denia… | |||
| CVE-2017-11718 | medium | 6.1 | 6.1 | 9y ago | There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | |||
| CVE-2017-11716 | medium | 6.1 | 6.1 | 9y ago | MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. | |||
| CVE-2017-11687 | medium | 6.1 | 6.1 | 9y ago | Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitr… | |||
| CVE-2017-11686 | medium | 6.1 | 6.1 | 9y ago | Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the p… | |||
| CVE-2017-11685 | medium | 6.1 | 6.1 | 9y ago | Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web… | |||
| CVE-2017-11682 | medium | 6.1 | 6.1 | 9y ago | Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php. | |||
| CVE-2017-11677 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php. |