|
252561
|
4.8 |
MEDIUM
Network
|
keystonejs
|
keystone
|
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" fi…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15881
|
2024-11-21 12:15 |
2017-10-25 |
|
252562
|
7.2 |
HIGH
Network
|
eyesofnetwork
|
eyesofnetwork
|
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name paramet…
|
CWE-89
SQL Injection
|
CVE-2017-15880
|
2024-11-21 12:15 |
2017-10-25 |
|
252563
|
8.8 |
HIGH
Network
|
keystonejs
|
keystone
|
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a …
|
CWE-20
Improper Input Validation
|
CVE-2017-15879
|
2024-11-21 12:15 |
2017-10-25 |
|
252564
|
6.1 |
MEDIUM
Network
|
keystonejs
|
keystone
|
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15878
|
2024-11-21 12:15 |
2017-10-25 |
|
252565
|
5.5 |
MEDIUM
Local
|
busybox
|
busybox
|
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2017-15874
|
2024-11-21 12:15 |
2017-10-25 |
|
252566
|
5.5 |
MEDIUM
Local
|
busybox debian canonical
|
busybox debian_linux ubuntu_linux
|
The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-15873
|
2024-11-21 12:15 |
2017-10-25 |
|
252567
|
4.8 |
MEDIUM
Network
|
phpwcms
|
phpwcms
|
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15872
|
2024-11-21 12:15 |
2017-10-25 |
|
252568
|
7.5 |
HIGH
Network
|
serialize-to-js_project
|
serialize-to-js
|
The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as dem…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-15871
|
2024-11-21 12:15 |
2017-10-25 |
|
252569
|
6.1 |
MEDIUM
Network
|
user-login-history_project
|
user-login-history
|
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15867
|
2024-11-21 12:15 |
2017-10-25 |
|
252570
|
6.1 |
MEDIUM
Network
|
wp_no_external_links_project
|
wp_no_external_links
|
Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15863
|
2024-11-21 12:15 |
2017-10-25 |
|