Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-26 | CVE-2017-7335 | Cross-site Scripting vulnerability in Fortinet Fortiwlc A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. | 5.4 |
| 2017-10-26 | CVE-2017-15906 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | 5.3 |
| 2017-10-25 | CVE-2017-1363 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management IBM Team Concert (RTC) is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-25 | CVE-2017-1295 | Information Exposure vulnerability in IBM Rational Collaborative Lifecycle Management IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. | 4.3 |
| 2017-10-25 | CVE-2017-1241 | Information Exposure vulnerability in IBM Rational Collaborative Lifecycle Management An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. | 4.3 |
| 2017-10-25 | CVE-2017-1169 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-25 | CVE-2017-1164 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz Foundation is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-25 | CVE-2017-15885 | Cross-site Scripting vulnerability in Axis 2100 Network Camera Firmware 2.03 Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. | 6.1 |
| 2017-10-24 | CVE-2017-15881 | Cross-site Scripting vulnerability in Keystonejs Keystone Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878. | 4.8 |
| 2017-10-24 | CVE-2017-15878 | Cross-site Scripting vulnerability in Keystonejs Keystone A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. | 6.1 |