Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-10-11 | CVE-2017-14371 | Cross-site Scripting vulnerability in RSA Archer GRC Platform | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. | network | low | rsa | CWE-79 | 6.1 |
| 2017-10-11 | CVE-2017-14370 | Cross-site Scripting vulnerability in RSA Archer GRC Platform | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. | network | low | rsa | CWE-79 | 5.4 |
| 2017-10-11 | CVE-2017-14369 | Unspecified vulnerability in RSA Archer GRC Platform | RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. | network | low | rsa | | 4.3 |
| 2017-10-11 | CVE-2017-14588 | Cross-site Scripting vulnerability in Atlassian Fisheye | Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. | network | low | atlassian | CWE-79 | 6.1 |
| 2017-10-11 | CVE-2017-14587 | Cross-site Scripting vulnerability in Atlassian Fisheye | The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. | network | low | atlassian | CWE-79 | 5.4 |
| 2017-10-11 | CVE-2017-15266 | Divide By Zero vulnerability in GNU Libextractor 1.4 | In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. | local | low | gnu | CWE-369 | 5.5 |
| 2017-10-11 | CVE-2017-7352 | Cross-site Scripting vulnerability in Purestorage Purity 4.7.5 | Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen. | network | low | purestorage | CWE-79 | 5.4 |
| 2017-10-11 | CVE-2017-15232 | NULL Pointer Dereference vulnerability in Libjpeg-Turbo 1.5.2 | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | network | low | libjpeg-turbo | CWE-476 | 6.5 |
| 2017-10-11 | CVE-2017-15215 | Cross-site Scripting vulnerability in Shaarli Project Shaarli 0.9.1 | Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. | network | low | shaarli-project | CWE-79 | 6.1 |
| 2017-10-11 | CVE-2017-15214 | Cross-site Scripting vulnerability in Flyspray 1.0 | Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | network | low | flyspray | CWE-79 | 5.4 |