Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-17 CVE-2017-1000240 Cross-site Scripting vulnerability in Open-Emr Openemr
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions.
network
low complexity
open-emr CWE-79
5.4
2017-11-17 CVE-2017-1000239 Cross-site Scripting vulnerability in Invoiceplane 1.4.10
InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, which allows an authenticated user to inject malicious client-side script that is executed in the browsers of users who visit the manipulated site.
network
low complexity
invoiceplane CWE-79
5.4
2017-11-17 CVE-2017-1000188 Cross-site Scripting vulnerability in EJS
The Node.js ejs package in versions older than 2.5.5 is vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection.
network
low complexity
ejs CWE-79
6.1
2017-11-17 CVE-2017-1000209 Improper Certificate Validation vulnerability in Nv-Websocket-Client Project Nv-Websocket-Client
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.
network
high complexity
nv-websocket-client-project CWE-295
5.9
2017-11-17 CVE-2017-1000201 Improper Input Validation vulnerability in Tcmu-Runner Project Tcmu-Runner
The tcmu-runner daemon in tcmu-runner versions 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack.
local
low complexity
tcmu-runner-project CWE-20
5.5
2017-11-17 CVE-2017-1000193 Cross-site Scripting vulnerability in Octobercms October
October CMS build 412 is vulnerable to stored WCI (a.k.a. XSS) in the brand logo image name, resulting in JavaScript code execution in the victim's browser.
network
low complexity
octobercms CWE-79
6.1
2017-11-17 CVE-2017-1000213 Cross-site Scripting vulnerability in Wbce CMS 1.1.11
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search.
network
low complexity
wbce CWE-79
4.8
2017-11-17 CVE-2017-1000186 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools
In SWFTools, a stack overflow was found in pdf2swf.
local
low complexity
swftools CWE-119
5.5
2017-11-17 CVE-2017-1000185 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools
In SWFTools, a memcpy buffer overflow was found in gif2swf.
local
low complexity
swftools CWE-119
5.5
2017-11-17 CVE-2017-1000182 Missing Release of Resource after Effective Lifetime vulnerability in Swftools
In SWFTools, a memory leak was found in wav2swf.
local
low complexity
swftools CWE-772
5.5