Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-09-25	CVE-2017-1235	Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. network low complexity ibm	6.5
2017-09-25	CVE-2017-14506	Cross-site Scripting vulnerability in Geminabox Project Geminabox geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. network low complexity geminabox-project CWE-79	5.4
2017-09-23	CVE-2017-14726	Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. network low complexity wordpress CWE-79	6.1
2017-09-23	CVE-2017-14725	Open Redirect vulnerability in Wordpress Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. network low complexity wordpress CWE-601	5.4
2017-09-23	CVE-2017-14724	Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. network low complexity wordpress CWE-79	6.1
2017-09-23	CVE-2017-14721	Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. network low complexity wordpress CWE-79	6.1
2017-09-23	CVE-2017-14720	Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. network low complexity wordpress CWE-79	6.1
2017-09-23	CVE-2017-14718	Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. network low complexity wordpress CWE-79	6.1
2017-09-22	CVE-2017-14717	Cross-site Scripting vulnerability in Telaxius Epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. network low complexity telaxius CWE-79	5.4
2017-09-22	CVE-2017-14716	Cross-site Scripting vulnerability in Telaxius Epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. network low complexity telaxius CWE-79	5.4

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium