Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2015-7668 | Cross-site Scripting vulnerability in Easy2Map Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter. | 6.1 |
| 2017-12-27 | CVE-2015-7667 | Cross-site Scripting vulnerability in Web-Mv Resads 1.0/1.0.1 Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.1 |
| 2017-12-27 | CVE-2015-7666 | Cross-site Scripting vulnerability in Codepeople Payment Form for Paypal PRO 1.0.1 Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter. | 6.1 |
| 2017-12-27 | CVE-2015-7324 | Cross-site Scripting vulnerability in Stackideas Komento Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment. | 6.1 |
| 2017-12-27 | CVE-2017-16768 | Cross-site Scripting vulnerability in Synology Mailplus Server Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | 4.8 |
| 2017-12-27 | CVE-2017-7158 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.5 |
| 2017-12-27 | CVE-2017-7154 | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 6.6 |
| 2017-12-27 | CVE-2017-7152 | Unspecified vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
| 2017-12-27 | CVE-2017-17934 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. | 6.5 |
| 2017-12-27 | CVE-2017-17929 | Cross-site Scripting vulnerability in Ordermanagementscript Professional Service Script PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | 4.8 |