Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-03-17 | CVE-2014-8707 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.2 | Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. | 5.4 |
2017-03-17 | CVE-2014-8706 | Information Exposure vulnerability in Pluck-Cms Pluck 4.7.2 | Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. | 5.3 |
2017-03-17 | CVE-2014-8703 | Cross-site Scripting vulnerability in Wondercms 2014 | Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
2017-03-17 | CVE-2014-8702 | Information Exposure vulnerability in Wondercms 2014 | Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. | 5.3 |
2017-03-17 | CVE-2017-6966 | Use After Free vulnerability in GNU Binutils 2.28 | readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. | 5.5 |
2017-03-17 | CVE-2017-6965 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 | readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. | 5.5 |
2017-03-17 | CVE-2017-6961 | Improper Input Validation vulnerability in Apng2Gif Project Apng2Gif 1.7 | An issue was discovered in apng2gif 1.7. | 5.5 |
2017-03-17 | CVE-2017-6958 | Cross-site Scripting vulnerability in Mantisbt Source Integration | An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter. | 6.1 |
2017-03-17 | CVE-2017-6955 | Improper Input Validation vulnerability in Teleogistic Invite Anyone | An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. | 5.3 |
2017-03-17 | CVE-2017-6954 | Improper Privilege Management vulnerability in Buddypress | An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. | 4.3 |