Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-22 CVE-2018-6002 Cross-site Scripting vulnerability in Webartisan Soundy Background Music
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter).
network
low complexity
webartisan CWE-79
6.1
6.1
2018-01-22 CVE-2018-6001 Cross-site Scripting vulnerability in Webartisan Soundy Audio Playlist
The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter).
network
low complexity
webartisan CWE-79
6.1
6.1
2018-01-22 CVE-2018-1045 Cross-site Scripting vulnerability in Moodle
In Moodle 3.x, there is XSS via a calendar event name.
network
low complexity
moodle CWE-79
5.4
5.4
2018-01-22 CVE-2018-1044 Information Exposure vulnerability in Moodle
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
network
low complexity
moodle CWE-200
4.3
4.3
2018-01-22 CVE-2018-1043 Unspecified vulnerability in Moodle
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
network
low complexity
moodle
6.5
6.5
2018-01-22 CVE-2018-1042 Server-Side Request Forgery (SSRF) vulnerability in Moodle
Moodle 3.x has Server Side Request Forgery in the filepicker.
network
low complexity
moodle CWE-918
6.5
6.5
2018-01-22 CVE-2018-5962 Cross-site Scripting vulnerability in Control-Webpanel Webpanel
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module.
network
low complexity
control-webpanel CWE-79
6.1
6.1
2018-01-22 CVE-2018-5961 Cross-site Scripting vulnerability in Control-Webpanel Webpanel
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
network
low complexity
control-webpanel CWE-79
6.1
6.1
2018-01-20 CVE-2017-15111 Link Following vulnerability in Keycloak-Httpd-Client-Install Project Keycloak-Httpd-Client-Install
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link. 		5.5
5.5
2018-01-19 CVE-2017-12114 Incorrect Authorization vulnerability in Ethereum Cpp-Ethereum
An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768).
network
high complexity
ethereum CWE-863
6.8
6.8