Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-18 | CVE-2017-5246 | Injection vulnerability in Biscom Secure File Transfer Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. | 4.3 |
| 2017-07-18 | CVE-2017-10962 | Cross-site Scripting vulnerability in Vanderbilt Redcap REDCap before 7.5.1 has XSS via the query string. | 6.1 |
| 2017-07-18 | CVE-2017-11405 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | 4.9 |
| 2017-07-18 | CVE-2017-11404 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | 4.9 |
| 2017-07-17 | CVE-2017-9934 | Cross-site Scripting vulnerability in Joomla Joomla! Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. | 6.1 |
| 2017-07-17 | CVE-2017-9813 | Cross-site Scripting vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297 In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). | 6.1 |
| 2017-07-17 | CVE-2017-9609 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.2 Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | 5.4 |
| 2017-07-17 | CVE-2017-9340 | Unspecified vulnerability in Owncloud An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. | 6.5 |
| 2017-07-17 | CVE-2017-9339 | Unspecified vulnerability in Owncloud A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. | 5.3 |
| 2017-07-17 | CVE-2017-9338 | Cross-site Scripting vulnerability in Owncloud Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. | 5.4 |