Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-18 | CVE-2017-15573 | Cross-site Scripting vulnerability in multiple products: In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. | 6.1 |
2017-10-18 | CVE-2017-15571 | Cross-site Scripting vulnerability in multiple products: In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. | 6.1 |
2017-10-18 | CVE-2017-15570 | Cross-site Scripting vulnerability in multiple products: In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | 6.1 |
2017-10-18 | CVE-2017-15569 | Cross-site Scripting vulnerability in multiple products: In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. | 6.1 |
2017-10-18 | CVE-2017-15568 | Cross-site Scripting vulnerability in multiple products: In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history. | 6.1 |
2017-10-18 | CVE-2016-10515 | Cross-site Scripting vulnerability in Redmine: In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. | 6.1 |
2017-10-17 | CVE-2017-14013 | Incorrect Resource Transfer Between Spheres vulnerability in Prominent Multiflex M10A Controller Firmware: A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | 5.6 |
2017-10-17 | CVE-2017-14009 | Cleartext Transmission of Sensitive Information vulnerability in Prominent Multiflex M10A Controller Firmware: An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | 6.5 |
2017-10-17 | CVE-2017-14007 | Insufficient Session Expiration vulnerability in Prominent Multiflex M10A Controller Firmware: An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | 5.6 |
2017-10-17 | CVE-2017-15538 | Cross-site Scripting vulnerability in Ilias: Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php. | 5.4 |