Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-13 CVE-2017-16802 Cross-site Scripting vulnerability in MISP-Project MISP 2.4.82
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
network
low complexity
misp-project CWE-79
5.4
2017-11-13 CVE-2017-7739 Cross-site Scripting vulnerability in Fortinet FortiOS
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.
network
low complexity
fortinet CWE-79
6.1
2017-11-13 CVE-2017-8806 Link Following vulnerability in PostgreSQL
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
local
low complexity
postgresql CWE-59
5.5
2017-11-13 CVE-2017-16801 Cross-site Scripting vulnerability in Octopus Deploy
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.
network
low complexity
octopus CWE-79
5.4
2017-11-13 CVE-2017-16792 Cross-site Scripting vulnerability in Geminabox Project Geminabox
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.
network
low complexity
geminabox-project CWE-79
6.1
2017-11-13 CVE-2017-7113 Information Exposure vulnerability in Apple iPhone OS
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-200
5.5
2017-11-13 CVE-2017-13849 Improper Input Validation vulnerability in Apple iPhone OS
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-20
5.5
2017-11-13 CVE-2017-13842 Information Exposure vulnerability in Apple Mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-200
5.5
2017-11-13 CVE-2017-13841 Information Exposure vulnerability in Apple Mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-200
5.5
2017-11-13 CVE-2017-13840 Information Exposure vulnerability in Apple Mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-200
5.5