|
250621
|
6.1 |
MEDIUM
Network
|
caddy_project
|
caddy
|
An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "cadd…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5963
|
2024-11-21 12:28 |
2017-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250622
|
6.1 |
MEDIUM
Network
|
netresearch
|
contexts_wurfl
|
An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "force_ua" HTTP GET parameter passed to the "/…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5962
|
2024-11-21 12:28 |
2017-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250623
|
6.1 |
MEDIUM
Network
|
ionizecms
|
ionize
|
An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/adm…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5961
|
2024-11-21 12:28 |
2017-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250624
|
6.1 |
MEDIUM
Network
|
phalconeye_project
|
phalconeye
|
An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/pu…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5960
|
2024-11-21 12:28 |
2017-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250625
|
9.8 |
CRITICAL
Network
|
serialize-to-js_project
|
serialize-to-js
|
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaS…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-5954
|
2024-11-21 12:28 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250626
|
9.8 |
CRITICAL
Network
|
vim
|
vim
|
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer over…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-5953
|
2024-11-21 12:28 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250627
|
6.1 |
MEDIUM
Network
|
poodll
|
moodle-filter_poodll
|
An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5945
|
2024-11-21 12:28 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250628
|
6.1 |
MEDIUM
Network
|
wp_mail_project
|
wp_mail
|
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the conte…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5942
|
2024-11-21 12:28 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250629
|
5.9 |
MEDIUM
Network
|
conversejs
|
converse.js
|
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…
|
CWE-20
CWE-346
Improper Input Validation
Origin Validation Error
|
CVE-2017-5858
|
2024-11-21 12:28 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250630
|
9.8 |
CRITICAL
Network
|
node-serialize_project
|
node-serialize
|
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaSc…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-5941
|
2024-11-21 12:28 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
