|
250471
|
5.4 |
MEDIUM
Network
|
metalgenix
|
genixcms
|
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5515
|
2024-11-21 12:27 |
2017-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250472
|
5.5 |
MEDIUM
Local
|
phpmailer_project
|
phpmailer
|
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to…
|
CWE-200
Information Exposure
|
CVE-2017-5223
|
2024-11-21 12:27 |
2017-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250473
|
5.4 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5494
|
2024-11-21 12:27 |
2017-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250474
|
8.1 |
HIGH
Network
|
b2evolution
|
b2evolution
|
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to prov…
|
CWE-22
Path Traversal
|
CVE-2017-5480
|
2024-11-21 12:27 |
2017-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250475
|
7.5 |
HIGH
Network
|
wordpress
|
wordpress
|
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended a…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2017-5493
|
2024-11-21 12:27 |
2017-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250476
|
8.8 |
HIGH
Network
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims …
|
CWE-352
Origin Validation Error
|
CVE-2017-5492
|
2024-11-21 12:27 |
2017-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250477
|
5.3 |
MEDIUM
Network
|
wordpress
|
wordpress
|
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2017-5491
|
2024-11-21 12:27 |
2017-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250478
|
6.1 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5490
|
2024-11-21 12:27 |
2017-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250479
|
8.8 |
HIGH
Network
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
|
CWE-352
Origin Validation Error
|
CVE-2017-5489
|
2024-11-21 12:27 |
2017-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250480
|
6.1 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5488
|
2024-11-21 12:27 |
2017-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
