Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-17 | CVE-2017-1000240 | Cross-site Scripting vulnerability in Open-Emr Openemr The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. | 5.4 |
| 2017-11-17 | CVE-2017-1000239 | Cross-site Scripting vulnerability in Invoiceplane 1.4.10 InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site. | 5.4 |
| 2017-11-17 | CVE-2017-1000188 | Cross-site Scripting vulnerability in EJS nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection | 6.1 |
| 2017-11-17 | CVE-2017-1000209 | Improper Certificate Validation vulnerability in Nv-Websocket-Client Project Nv-Websocket-Client The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. | 5.9 |
| 2017-11-17 | CVE-2017-1000201 | Improper Input Validation vulnerability in Tcmu-Runner Project Tcmu-Runner The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack | 5.5 |
| 2017-11-17 | CVE-2017-1000193 | Cross-site Scripting vulnerability in Octobercms October October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. | 6.1 |
| 2017-11-17 | CVE-2017-1000213 | Cross-site Scripting vulnerability in Wbce CMS 1.1.11 WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | 4.8 |
| 2017-11-17 | CVE-2017-1000186 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, a stack overflow was found in pdf2swf. | 5.5 |
| 2017-11-17 | CVE-2017-1000185 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, a memcpy buffer overflow was found in gif2swf. | 5.5 |
| 2017-11-17 | CVE-2017-1000182 | Missing Release of Resource after Effective Lifetime vulnerability in Swftools In SWFTools, a memory leak was found in wav2swf. | 5.5 |