|
246831
|
6.1 |
MEDIUM
Network
|
webhammer
|
wp_custom_fields_search
|
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9419
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246832
|
5.4 |
MEDIUM
Network
|
simplece
|
simplece
|
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9674
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246833
|
8.8 |
HIGH
Network
|
simplece
|
simplece
|
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password.
|
CWE-352
Origin Validation Error
|
CVE-2017-9673
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246834
|
5.4 |
MEDIUM
Network
|
sap
|
successfactors
|
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9613
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246835
|
4.3 |
MEDIUM
Network
|
atlassian
|
confluence
|
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confl…
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-9505
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246836
|
7.8 |
HIGH
Local
|
gnuplot_project
|
gnuplot
|
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly hav…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2017-9670
|
2024-11-21 12:36 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246837
|
7.3 |
HIGH
Local
|
infotecs
|
vipnet_client
vipnet_coordinator
|
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorr…
|
CWE-345
CWE-354
CWE-732
Insufficient Verification of Data Authenticity
Improper Validation of Integrity Check Value
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-9606
|
2024-11-21 12:36 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246838
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9624
|
2024-11-21 12:36 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246839
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9623
|
2024-11-21 12:36 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246840
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9622
|
2024-11-21 12:36 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
