Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-09 CVE-2017-11296 Cross-site Scripting vulnerability in Adobe Experience Manager
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0.
network
low complexity
adobe CWE-79
6.1
6.1
2017-12-09 CVE-2017-11290 Improper Restriction of Rendered UI Layers or Frames vulnerability in Adobe Connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions.
network
low complexity
adobe CWE-1021
6.1
6.1
2017-12-09 CVE-2017-11289 Cross-site Scripting vulnerability in Adobe Connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions.
network
low complexity
adobe CWE-79
6.1
6.1
2017-12-09 CVE-2017-11288 Cross-site Scripting vulnerability in Adobe Connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions.
network
low complexity
adobe CWE-79
6.1
6.1
2017-12-09 CVE-2017-11287 Cross-site Scripting vulnerability in Adobe Connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions.
network
low complexity
adobe CWE-79
6.1
6.1
2017-12-09 CVE-2017-11273 Information Exposure vulnerability in Adobe Digital Editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions.
local
low complexity
adobe CWE-200
5.5
5.5
2017-12-08 CVE-2017-11482 Open Redirect vulnerability in Elastic Kibana
The Kibana fix for CVE-2017-8451 was found to be incomplete.
network
low complexity
elastic CWE-601
6.1
6.1
2017-12-08 CVE-2017-11481 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
network
low complexity
elastic CWE-79
6.1
6.1
2017-12-08 CVE-2017-16854 Information Exposure vulnerability in multiple products
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
network
low complexity
otrs debian CWE-200
6.5
6.5
2017-12-08 CVE-2017-15895 Path Traversal vulnerability in Synology Router Manager
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
network
low complexity
synology CWE-22
6.5
6.5