Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-04 | CVE-2018-1190 | Cross-site Scripting vulnerability in multiple products An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. | 6.1 |
| 2018-01-04 | CVE-2017-14383 | Cross-site Scripting vulnerability in Dell EMC Vnx1 Firmware and EMC Vnx2 Firmware In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. | 6.1 |
| 2018-01-04 | CVE-2017-18018 | Race Condition vulnerability in GNU Coreutils In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. | 4.7 |
| 2018-01-03 | CVE-2018-5078 | Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | 4.8 |
| 2018-01-03 | CVE-2018-5077 | Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. | 4.8 |
| 2018-01-03 | CVE-2018-5076 | Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. | 4.8 |
| 2018-01-03 | CVE-2018-5075 | Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter. | 4.8 |
| 2018-01-03 | CVE-2018-5074 | Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. | 4.8 |
| 2018-01-03 | CVE-2018-5073 | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has CSRF via admin/movieedit.php. | 6.8 |
| 2018-01-03 | CVE-2018-5072 | Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | 4.8 |