| 248031 | 5.4 | MEDIUM, Network | s9y | serendipity | Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xss… | CWE-79: Cross-site Scripting | CVE-2017-8102 | 2024-11-21 12:33 | 2017-04-25 |
| 248032 | 8.8 | HIGH, Network | s9y | serendipity | There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | CWE-352: Origin Validation Error | CVE-2017-8101 | 2024-11-21 12:33 | 2017-04-25 |
| 248033 | 6.5 | MEDIUM, Network | artistscope | copysafe_web_protection | There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | CWE-352: Origin Validation Error | CVE-2017-8100 | 2024-11-21 12:33 | 2017-04-25 |
| 248034 | 8.1 | HIGH, Network | browserweb_inc | whizz | There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. | CWE-352: Origin Validation Error | CVE-2017-8099 | 2024-11-21 12:33 | 2017-04-25 |
| 248035 | 6.5 | MEDIUM, Network | e107 | e107 | e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plu… | CWE-352: Origin Validation Error | CVE-2017-8098 | 2024-11-21 12:33 | 2017-04-25 |
| 248036 | 6.1 | MEDIUM, Network | exponentcms | exponent_cms | In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | CWE-79: Cross-site Scripting | CVE-2017-8085 | 2024-11-21 12:33 | 2017-04-24 |
| 248037 | 6.1 | MEDIUM, Network | xoops | xoops | XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. | CWE-79: Cross-site Scripting | CVE-2017-7944 | 2024-11-21 12:33 | 2017-04-24 |
| 248038 | 6.5 | MEDIUM, Network | concretecms | concrete_cms | concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving … | CWE-352: Origin Validation Error | CVE-2017-8082 | 2024-11-21 12:33 | 2017-04-24 |
| 248039 | 5.3 | MEDIUM, Network | tp-link | tl-sg108e_firmware | On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | CWE-287: Improper Authentication | CVE-2017-8078 | 2024-11-21 12:33 | 2017-04-24 |
| 248040 | 7.5 | HIGH, Network | tp-link | tl-sg108e_firmware | On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | CWE-798: Use of Hard-coded Credentials | CVE-2017-8077 | 2024-11-21 12:33 | 2017-04-24 |