Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-25 CVE-2015-7315 Improper Access Control vulnerability in Plone
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
network
high complexity
plone CWE-284
5.9
2017-09-25 CVE-2015-6748 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
network
low complexity
jsoup debian CWE-79
6.1
2017-09-25 CVE-2015-5282 Cross-site Scripting vulnerability in Theforeman Foreman
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
network
low complexity
theforeman CWE-79
6.1
2017-09-25 CVE-2015-4668 Open Redirect vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
network
low complexity
xceedium CWE-601
6.1
2017-09-25 CVE-2010-3050 Improper Input Validation vulnerability in Cisco IOS
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
network
low complexity
cisco CWE-20
6.5
2017-09-25 CVE-2010-3049 Improper Input Validation vulnerability in Cisco IOS
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
local
low complexity
cisco CWE-20
5.5
2017-09-25 CVE-2017-9551 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.14, 16.04 before 16.04.8, 16.10 before 16.10.5, and 17.04 before 17.04.3 are vulnerable to a user submitting a potentially dangerous payload, e.g.
network
low complexity
mahara CWE-79
6.1
2017-09-25 CVE-2017-1555 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan.
network
low complexity
ibm CWE-20
4.3
2017-09-25 CVE-2017-1551 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-20
6.1
2017-09-25 CVE-2017-1424 Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4