Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2017-11-10 | CVE-2017-16782 | Cross-site Scripting vulnerability in Home-Assistant | In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. | network, low complexity, home-assistant, CWE-79 | 6.1 |
| 2017-11-10 | CVE-2017-16781 | Cross-site Scripting vulnerability in Mybb | The installer in MyBB before 1.8.13 has XSS. | network, low complexity, mybb, CWE-79 | 5.4 |
| 2017-11-10 | CVE-2017-16765 | Cross-site Scripting vulnerability in Dlink Dwr-933 Firmware 1.00(Ww)B17 | XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. | network, low complexity, dlink, CWE-79 | 6.1 |
| 2017-11-10 | CVE-2017-16761 | Open Redirect vulnerability in Inedo Buildmaster | An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | network, low complexity, inedo, CWE-601 | 6.1 |
| 2017-11-10 | CVE-2017-16760 | Cross-site Scripting vulnerability in Inedo Buildmaster | Inedo BuildMaster before 5.8.2 has XSS. | network, low complexity, inedo, CWE-79 | 6.1 |
| 2017-11-10 | CVE-2017-5201 | Information Exposure vulnerability in Netapp Clustered Data Ontap 8.1.4/9.0 | NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. | low complexity, netapp, CWE-200 | 5.7 |
| 2017-11-10 | CVE-2017-16754 | Incorrect Permission Assignment for Critical Resource vulnerability in Boltcms Bolt | Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | network, low complexity, boltcms, CWE-732 | 5.3 |
| 2017-11-10 | CVE-2017-16633 | Information Exposure vulnerability in Joomla Joomla! | In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | network, low complexity, joomla, CWE-200 | 4.3 |
| 2017-11-10 | CVE-2017-16568 | Cross-site Scripting vulnerability in Logitech Media Server 7.9.0 | Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. | network, low complexity, logitech, CWE-79 | 5.4 |
| 2017-11-10 | CVE-2017-16567 | Cross-site Scripting vulnerability in Logitech Media Server 7.9.0 | Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. | network, low complexity, logitech, CWE-79 | 5.4 |