|
249251
|
6.1 |
MEDIUM
Network
|
roundcube
|
webmail
|
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6820
|
2024-11-21 12:30 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249252
|
6.5 |
MEDIUM
Network
|
wordpress
|
wordpress
|
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an …
|
CWE-352
Origin Validation Error
|
CVE-2017-6819
|
2024-11-21 12:30 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249253
|
6.1 |
MEDIUM
Network
|
wordpress
|
wordpress
|
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6818
|
2024-11-21 12:30 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249254
|
5.4 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6817
|
2024-11-21 12:30 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249255
|
4.9 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
|
CWE-863
Incorrect Authorization
|
CVE-2017-6816
|
2024-11-21 12:30 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249256
|
6.1 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
|
CWE-20
Improper Input Validation
|
CVE-2017-6815
|
2024-11-21 12:30 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249257
|
5.4 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortco…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6814
|
2024-11-21 12:30 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249258
|
6.1 |
MEDIUM
Network
|
mangoswebv4_project
|
mangoswebv4
|
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).
|
CWE-79
Cross-site Scripting
|
CVE-2017-6812
|
2024-11-21 12:30 |
2017-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249259
|
6.1 |
MEDIUM
Network
|
mangoswebv4_project
|
mangoswebv4
|
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).
|
CWE-79
Cross-site Scripting
|
CVE-2017-6811
|
2024-11-21 12:30 |
2017-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249260
|
6.1 |
MEDIUM
Network
|
mangoswebv4_project
|
mangoswebv4
|
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter).
|
CWE-79
Cross-site Scripting
|
CVE-2017-6810
|
2024-11-21 12:30 |
2017-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
