|
254161
|
5.4 |
MEDIUM
Network
|
progress
|
sitefinity
|
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18177
|
2024-11-21 12:19 |
2018-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254162
|
5.4 |
MEDIUM
Network
|
progress
|
sitefinity
|
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18176
|
2024-11-21 12:19 |
2018-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254163
|
5.4 |
MEDIUM
Network
|
progress
|
sitefinity
|
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18175
|
2024-11-21 12:19 |
2018-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254164
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
|
CWE-415
Double Free
|
CVE-2017-18174
|
2024-11-21 12:19 |
2018-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254165
|
8.8 |
HIGH
Network
|
flexense
|
syncbreeze
|
A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more th…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17996
|
2024-11-21 12:19 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254166
|
8.6 |
HIGH
Local
|
dokuwiki
debian
|
dokuwiki
debian_linux
|
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run…
|
CWE-20
Improper Input Validation
|
CVE-2017-18123
|
2024-11-21 12:19 |
2018-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254167
|
8.1 |
HIGH
Network
|
simplesamlphp
debian
|
simplesamlphp
debian_linux
|
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more th…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-18122
|
2024-11-21 12:19 |
2018-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254168
|
6.1 |
MEDIUM
Network
|
simplesamlphp
debian
|
simplesamlphp
debian_linux
|
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18121
|
2024-11-21 12:19 |
2018-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254169
|
6.1 |
MEDIUM
Network
|
atlassian
|
confluence
|
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL par…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18086
|
2024-11-21 12:19 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254170
|
6.1 |
MEDIUM
Network
|
atlassian
|
confluence
|
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability thr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18085
|
2024-11-21 12:19 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
