Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2017-14194 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | 6.1 |
| 2017-09-07 | CVE-2017-14193 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | 6.1 |
| 2017-09-07 | CVE-2017-14192 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. | 6.1 |
| 2017-09-07 | CVE-2017-1502 | Cross-site Scripting vulnerability in IBM Content Navigator 2.0.3/3.0.0/3.0.1 IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-07 | CVE-2017-1189 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. | 6.1 |
| 2017-09-07 | CVE-2017-1098 | Cross-site Scripting vulnerability in IBM Emptoris Supplier Lifecycle Management IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-07 | CVE-2017-12912 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mp3Gain 1.5.2 The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. | 5.5 |
| 2017-09-07 | CVE-2017-12911 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mp3Gain 1.5.2 The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. | 5.5 |
| 2017-09-07 | CVE-2017-13754 | Cross-site Scripting vulnerability in Wibu Codemeter 6.50A Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html. | 5.4 |
| 2017-09-07 | CVE-2017-12906 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. | 6.1 |