Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-13 | CVE-2016-6019 | Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. | 5.4 |
| 2017-07-13 | CVE-2017-11202 | Cross-site Scripting vulnerability in Finecms Project Finecms FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180. | 6.1 |
| 2017-07-13 | CVE-2017-11201 | Cross-site Scripting vulnerability in Finecms Project Finecms application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action. | 5.4 |
| 2017-07-13 | CVE-2017-11198 | Cross-site Scripting vulnerability in Finecms Project Finecms Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter. | 6.1 |
| 2017-07-12 | CVE-2017-11195 | Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0 Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. | 6.1 |
| 2017-07-12 | CVE-2017-11194 | Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0 Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. | 6.1 |
| 2017-07-12 | CVE-2017-1321 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. | 6.1 |
| 2017-07-12 | CVE-2017-1285 | Improper Input Validation vulnerability in IBM Websphere MQ 9.0.1/9.0.2 IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. | 6.5 |
| 2017-07-12 | CVE-2016-8953 | Open Redirect vulnerability in IBM Emptoris Sourcing IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |
| 2017-07-12 | CVE-2016-8950 | Cross-site Scripting vulnerability in IBM Emptoris Sourcing IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. | 5.4 |