CVEs from 2017
- Total: 11,607
- Critical: 1,650
- High: 5,044
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1287 | medium | 5.4 | 5.4 | 9y ago | IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker c… | |||
| CVE-2017-1249 | medium | 5.4 | 5.4 | 9y ago | IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… | |||
| CVE-2017-1245 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in… | |||
| CVE-2017-11594 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new threa… | |||
| CVE-2017-1372 | medium | 5.4 | 5.4 | 9y ago | IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-11441 | medium | 5.4 | 5.4 | 9y ago | The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka… | |||
| CVE-2017-11439 | medium | 5.4 | 5.4 | 9y ago | In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. | |||
| CVE-2017-5247 | medium | 5.4 | 5.4 | 9y ago | Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that c… | |||
| CVE-2017-9609 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | |||
| CVE-2017-9338 | medium | 5.4 | 5.4 | 9y ago | Inadequate escaping leads to an XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to… | |||
| CVE-2017-11128 | medium | 5.4 | 5.4 | 9y ago | Bolt stored Cross-site Scripting (XSS) | |||
| CVE-2017-11127 | medium | 5.4 | 5.4 | 9y ago | Bolt CMS Stored XSS | |||
| CVE-2017-8005 | medium | 5.4 | 5.4 | 9y ago | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle… | |||
| CVE-2017-2339 | medium | 5.4 | 5.4 | 9y ago | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript… | |||
| CVE-2017-2338 | medium | 5.4 | 5.4 | 9y ago | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript… | |||
| CVE-2017-2337 | medium | 5.4 | 5.4 | 9y ago | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript… | |||
| CVE-2017-2336 | medium | 5.4 | 5.4 | 9y ago | A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content… | |||
| CVE-2017-2335 | medium | 5.4 | 5.4 | 9y ago | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript… | |||
| CVE-2017-1000023 | medium | 5.4 | 5.4 | 9y ago | LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. | |||
| CVE-2017-11201 | medium | 5.4 | 5.4 | 9y ago | application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action. | |||
| CVE-2017-11182 | medium | 5.4 | 5.4 | 9y ago | In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | |||
| CVE-2017-11181 | medium | 5.4 | 5.4 | 9y ago | In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | |||
| CVE-2017-6734 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack aga… | |||
| CVE-2017-11163 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, r… | |||
| CVE-2017-2145 | medium | 5.4 | 5.4 | 9y ago | Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. | |||
| CVE-2017-2144 | medium | 5.4 | 5.4 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page. | |||
| CVE-2017-10970 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error fun… | |||
| CVE-2017-1096 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2017-1208 | medium | 5.4 | 5.4 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functi… | |||
| CVE-2017-1113 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… | |||
| CVE-2017-6717 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-6716 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of th… | |||
| CVE-2017-6715 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-6698 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiali… | |||
| CVE-2017-6605 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack a… | |||
| CVE-2017-1106 | medium | 5.4 | 5.4 | 9y ago | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-5241 | medium | 5.4 | 5.4 | 9y ago | Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well… | |||
| CVE-2017-1234 | medium | 5.4 | 5.4 | 9y ago | IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2017-1348 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… | |||
| CVE-2017-1132 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… | |||
| CVE-2017-3948 | medium | 5.4 | 5.4 | 9y ago | Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecti… | |||
| CVE-2017-9674 | medium | 5.4 | 5.4 | 9y ago | In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. | |||
| CVE-2017-9613 | medium | 5.4 | 5.4 | 9y ago | Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. | |||
| CVE-2017-8530 | medium | 5.4 | 5.4 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not p… | |||
| CVE-2017-8514 | medium | 5.4 | 5.4 | 9y ago | An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". | |||
| CVE-2017-1104 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… | |||
| CVE-2017-1102 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… | |||
| CVE-2017-1101 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… | |||
| CVE-2017-1100 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… | |||
| CVE-2017-1278 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web brow… | |||
| CVE-2017-1276 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-1247 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-9548 | medium | 5.4 | 5.4 | 9y ago | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Pa… | |||
| CVE-2017-9547 | medium | 5.4 | 5.4 | 9y ago | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and… | |||
| CVE-2017-5004 | medium | 5.4 | 5.4 | 9y ago | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… | |||
| CVE-2017-1140 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… | |||
| CVE-2017-1305 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … | |||
| CVE-2017-9448 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in co… | |||
| CVE-2017-9331 | medium | 5.4 | 5.4 | 9y ago | The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers t… | |||
| CVE-2017-9298 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | |||
| CVE-2017-9249 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is… | |||
| CVE-2017-1291 | medium | 5.4 | 5.4 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return … | |||
| CVE-2017-5870 | medium | 5.4 | 5.4 | 9y ago | ViMbAdmin Cross-site Scripting Vulnerabilities | |||
| CVE-2017-1320 | medium | 5.4 | 5.4 | 9y ago | IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… | |||
| CVE-2017-1282 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali… | |||
| CVE-2017-1159 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remo… | |||
| CVE-2017-2173 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-4978 | medium | 5.4 | 5.4 | 9y ago | EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to com… | |||
| CVE-2017-9070 | medium | 5.4 | 5.4 | 9y ago | MODX Revolution cross-site scripting vulnerability | |||
| CVE-2017-2122 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-0255 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability… | |||
| CVE-2017-0893 | medium | 5.4 | 5.4 | 9y ago | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour cha… | |||
| CVE-2017-0891 | medium | 5.4 | 5.4 | 9y ago | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | |||
| CVE-2017-0890 | medium | 5.4 | 5.4 | 9y ago | Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the s… | |||
| CVE-2017-6029 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. | |||
| CVE-2017-8762 | medium | 5.4 | 5.4 | 9y ago | GeniXCMS Cross-site Scripting (XSS) | |||
| CVE-2017-8376 | medium | 5.4 | 5.4 | 9y ago | GeniXCMS Cross-site Scripting (XSS) | |||
| CVE-2017-2148 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2127 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2114 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2092 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-8302 | medium | 5.4 | 5.4 | 9y ago | Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/vie… | |||
| CVE-2017-8298 | medium | 5.4 | 5.4 | 9y ago | Canvs Canvas Cross-site Scripting (XSS) via title and content fields | |||
| CVE-2017-3569 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Business Events). Supported versions that are affected are 5.4.0.x,… | |||
| CVE-2017-3515 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: User Name/Password Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5… | |||
| CVE-2017-3492 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affect… | |||
| CVE-2017-3489 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Security Management System). Supported versions that are affected are 12.0.1… | |||
| CVE-2017-3484 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are… | |||
| CVE-2017-3482 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.0, 12.0.1, 12.… | |||
| CVE-2017-3479 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 … | |||
| CVE-2017-3478 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Eas… | |||
| CVE-2017-3455 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerabili… | |||
| CVE-2017-3451 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). Supported versions that are affected are 4.0, 5.0, 5.1, 5.3, 6.0,6.1, 15.0 and 1… | |||
| CVE-2017-3304 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5… | |||
| CVE-2017-3288 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3… | |||
| CVE-2017-8102 | medium | 5.4 | 5.4 | 9y ago | Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xss… | |||
| CVE-2017-6618 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerab… | |||
| CVE-2017-6617 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to … | |||
| CVE-2017-1160 | medium | 5.4 | 5.4 | 9y ago | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI t… | |||
| CVE-2017-7188 | medium | 5.4 | 5.4 | 9y ago | Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. |