Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-26 | CVE-2017-1225 | Information Exposure vulnerability in IBM BigFix Platform 9.2/9.5 | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. | 5.3 |
2017-10-26 | CVE-2017-1222 | Improper Authentication vulnerability in IBM BigFix Platform 9.2/9.5 | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality, allowing anonymous users access to protected areas. | 6.5 |
2017-10-26 | CVE-2017-1220 | Information Exposure vulnerability in IBM BigFix Platform 9.2/9.5 | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. | 5.3 |
2017-10-26 | CVE-2012-4378 | Cross-site Scripting vulnerability in MediaWiki | Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php. | 6.1 |
2017-10-26 | CVE-2012-4377 | Cross-site Scripting vulnerability in MediaWiki | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. | 6.1 |
2017-10-26 | CVE-2017-15922 | Out-of-bounds Read vulnerability in GNU Libextractor 1.4 | In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. | 5.5 |
2017-10-26 | CVE-2017-15917 | Improper Privilege Management vulnerability in Paessler PRTG Network Monitor 17.3.33.2830 | In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server. | 6.5 |
2017-10-26 | CVE-2017-15911 | Cross-site Scripting vulnerability in Ignite Realtime Openfire | The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. | 4.8 |
2017-10-26 | CVE-2017-12158 | Cross-site Scripting vulnerability in multiple products | It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. | 5.4 |
2017-10-26 | CVE-2017-7732 | Cross-site Scripting vulnerability in Fortinet FortiMail | A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows an attacker to inject arbitrary web script or HTML via crafted HTTP requests. | 6.1 |