|
256791
|
6.1 |
MEDIUM
Network
|
shiba_project
|
shiba
|
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000491
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256792
|
5.4 |
MEDIUM
Network
|
invoiceninja
|
invoice_ninja
|
Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000466
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256793
|
5.4 |
MEDIUM
Network
|
leafpub
|
leafpub
|
Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000463
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256794
|
6.1 |
MEDIUM
Network
|
leanote
|
leanote
|
Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000459
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256795
|
8.3 |
HIGH
Network
|
openmicroscopy
|
omero
|
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.
|
NVD-CWE-noinfo
|
CVE-2017-1000438
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256796
|
9.8 |
CRITICAL
Network
|
creolabs
|
gravity
|
Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000437
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256797
|
6.1 |
MEDIUM
Network
|
furikake_project
|
furikake
|
Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('…
|
CWE-601
Open Redirect
|
CVE-2017-1000434
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256798
|
8.1 |
HIGH
Network
|
pysaml2_project
debian
|
pysaml2
debian_linux
|
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
|
CWE-287
Improper Authentication
|
CVE-2017-1000433
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256799
|
8.0 |
HIGH
Network
|
vanillaforums
|
vanilla_forums
|
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
|
CWE-352
Origin Validation Error
|
CVE-2017-1000432
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256800
|
6.1 |
MEDIUM
Network
|
marked_project
|
marked
|
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000427
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
