CVEs from 2017
Total: 11,608
- critical: 1,650
- high: 5,044
- medium: 4,169
- low: 159

% Critical: 14.2%
% with KEV: 0.7%
% with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5855 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-5854 | medium | 5.5 | 5.5 | 9y ago | base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||
| CVE-2017-5852 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file. | |||
| CVE-2017-5851 | medium | 5.5 | 5.5 | 9y ago | The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has… | |||
| CVE-2017-5666 | medium | 5.5 | 5.5 | 9y ago | The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file. | |||
| CVE-2017-5665 | medium | 5.5 | 5.5 | 9y ago | The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||
| CVE-2017-5504 | medium | 5.5 | 5.5 | 9y ago | The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | |||
| CVE-2017-5503 | medium | 5.5 | 5.5 | 9y ago | The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impac… | |||
| CVE-2017-5502 | medium | 5.5 | 5.5 | 9y ago | libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||
| CVE-2017-5501 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-5500 | medium | 5.5 | 5.5 | 9y ago | libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||
| CVE-2017-5499 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-5498 | medium | 5.5 | 5.5 | 9y ago | libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||
| CVE-2017-6299 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." | |||
| CVE-2017-6197 | medium | 5.5 | 5.5 | 9y ago | The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as d… | |||
| CVE-2017-6076 | medium | 5.5 | 5.5 | 9y ago | In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. | |||
| CVE-2017-6188 | medium | 5.5 | 5.5 | 9y ago | Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. | |||
| CVE-2017-6078 | medium | 5.5 | 5.5 | 9y ago | FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section. | |||
| CVE-2017-2368 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application cra… | |||
| CVE-2017-5986 | medium | 5.5 | 5.5 | 9y ago | Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithr… | |||
| CVE-2017-5025 | medium | 5.5 | 5.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5024 | medium | 5.5 | 5.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-6011 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. | |||
| CVE-2017-6010 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico fi… | |||
| CVE-2017-6009 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for m… | |||
| CVE-2017-0320 | medium | 5.5 | 5.5 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. | |||
| CVE-2017-0319 | medium | 5.5 | 5.5 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. | |||
| CVE-2017-0318 | medium | 5.5 | 5.5 | 9y ago | All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system. | |||
| CVE-2017-5896 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. | |||
| CVE-2017-5846 | medium | 5.5 | 5.5 | 9y ago | The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory r… | |||
| CVE-2017-5844 | medium | 5.5 | 5.5 | 9y ago | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception… | |||
| CVE-2017-5842 | medium | 5.5 | 5.5 | 9y ago | The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a cr… | |||
| CVE-2017-5837 | medium | 5.5 | 5.5 | 9y ago | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception… | |||
| CVE-2017-0448 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it c… | |||
| CVE-2017-0426 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could … | |||
| CVE-2017-0425 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be … | |||
| CVE-2017-0424 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate … | |||
| CVE-2017-0421 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. … | |||
| CVE-2017-0420 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issu… | |||
| CVE-2017-0414 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This… | |||
| CVE-2017-0413 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This… | |||
| CVE-2017-5595 | medium | 5.5 | 5.5 | 10y ago | A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated… | |||
| CVE-2017-5577 | medium | 5.5 | 5.5 | 10y ago | The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local… | |||
| CVE-2017-5550 | medium | 5.5 | 5.5 | 10y ago | Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportu… | |||
| CVE-2017-5549 | medium | 5.5 | 5.5 | 10y ago | The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line sta… | |||
| CVE-2017-0398 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be … | |||
| CVE-2017-0402 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels.… | |||
| CVE-2017-0401 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of … | |||
| CVE-2017-0400 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels.… | |||
| CVE-2017-0399 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of … | |||
| CVE-2017-0397 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated… | |||
| CVE-2017-0396 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. Thi… | |||
| CVE-2017-0395 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of … | |||
| CVE-2017-0393 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the poss… | |||
| CVE-2017-0392 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rat… | |||
| CVE-2017-0391 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is r… | |||
| CVE-2017-0390 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to … | |||
| CVE-2017-0388 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is … | |||
| CVE-2017-2947 | medium | 5.5 | 5.5 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). | |||
| CVE-2017-5217 | medium | 5.5 | 5.5 | 10y ago | Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. Th… | |||
| CVE-2017-5216 | medium | 5.5 | 5.5 | 10y ago | Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially design… | |||
| CVE-2017-14506 | medium | 5.4 | 5.4 | 4y ago | Gem in a Box vulnerable to Cross-site Scripting | |||
| CVE-2017-18004 | medium | 5.4 | 5.4 | 9y ago | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | |||
| CVE-2017-17995 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | |||
| CVE-2017-17994 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | |||
| CVE-2017-17993 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | |||
| CVE-2017-17991 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | |||
| CVE-2017-17989 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | |||
| CVE-2017-17981 | medium | 5.4 | 5.4 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | |||
| CVE-2017-15892 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND… | |||
| CVE-2017-17904 | medium | 5.4 | 5.4 | 9y ago | FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. | |||
| CVE-2017-17832 | medium | 5.4 | 5.4 | 9y ago | ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, … | |||
| CVE-2017-1365 | medium | 5.4 | 5.4 | 9y ago | IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip… | |||
| CVE-2017-15312 | medium | 5.4 | 5.4 | 9y ago | Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious script… | |||
| CVE-2017-14363 | medium | 5.4 | 5.4 | 9y ago | Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scrip… | |||
| CVE-2017-0304 | medium | 5.4 | 5.4 | 9y ago | A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact t… | |||
| CVE-2017-5258 | medium | 5.4 | 5.4 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain… | |||
| CVE-2017-5257 | medium | 5.4 | 5.4 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute… | |||
| CVE-2017-5256 | medium | 5.4 | 5.4 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and tho… | |||
| CVE-2017-17745 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. | |||
| CVE-2017-1751 | medium | 5.4 | 5.4 | 9y ago | IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th… | |||
| CVE-2017-1600 | medium | 5.4 | 5.4 | 9y ago | IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-1494 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2017-1266 | medium | 5.4 | 5.4 | 9y ago | IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. | |||
| CVE-2017-12072 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id par… | |||
| CVE-2017-12630 | medium | 5.4 | 5.4 | 9y ago | Apache Drill vulnerable to Cross-site Scripting | |||
| CVE-2017-17694 | medium | 5.4 | 5.4 | 9y ago | Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. | |||
| CVE-2017-1546 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend… | |||
| CVE-2017-1683 | medium | 5.4 | 5.4 | 9y ago | IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … | |||
| CVE-2017-1632 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia… | |||
| CVE-2017-1549 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia… | |||
| CVE-2017-1536 | medium | 5.4 | 5.4 | 9y ago | IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI th… | |||
| CVE-2017-1498 | medium | 5.4 | 5.4 | 9y ago | IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… | |||
| CVE-2017-1482 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… | |||
| CVE-2017-1465 | medium | 5.4 | 5.4 | 9y ago | IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit thi… | |||
| CVE-2017-1354 | medium | 5.4 | 5.4 | 9y ago | IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functi… | |||
| CVE-2017-17094 | medium | 5.4 | 5.4 | 9y ago | wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | |||
| CVE-2017-17093 | medium | 5.4 | 5.4 | 9y ago | wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language settin… | |||
| CVE-2017-17092 | medium | 5.4 | 5.4 | 9y ago | wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted fi… | |||
| CVE-2017-12358 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… |