Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-31 CVE-2017-10943 Information Exposure vulnerability in Foxit Software Foxit Reader 8.3.0.14878
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878.
network
low complexity
foxitsoftware CWE-200
6.5
2017-10-31 CVE-2017-10942 Information Exposure vulnerability in Foxit Software Foxit Reader 8.3.0.14878
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878.
network
low complexity
foxitsoftware CWE-200
6.5
2017-10-31 CVE-2017-15273 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.
network
low complexity
mahara CWE-79
5.4
2017-10-31 CVE-2017-14752 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields, which can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
network
low complexity
mahara CWE-79
5.4
2017-10-31 CVE-2017-14358 Open Redirect vulnerability in HP products
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.
network
low complexity
hp CWE-601
6.1
2017-10-31 CVE-2017-14357 Cross-site Scripting vulnerability in HP products
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.
network
low complexity
hp CWE-79
6.1
2017-10-31 CVE-2017-3934 Information Exposure vulnerability in McAfee Network Data Loss Prevention 9.3.0
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via reading files on the webserver.
network
high complexity
mcafee CWE-200
5.9
2017-10-31 CVE-2017-3933 Cross-site Scripting vulnerability in McAfee Network Data Loss Prevention
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross-site request forgery attack.
network
low complexity
mcafee CWE-79
5.4
2017-10-31 CVE-2017-14373 Cross-site Scripting vulnerability in EMC RSA Authentication Manager
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
6.1
2017-10-31 CVE-2016-10699 Cross-site Scripting vulnerability in D-Link DSL-2740E Firmware 1.00_BG_20150720
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them.
network
low complexity
dlink CWE-79
6.1