Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-30 | CVE-2017-14922 | Cross-site Scripting vulnerability in Tine20 Tine 2.0 2017.08.3 | Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 5.4 |
2017-09-30 | CVE-2017-14921 | Cross-site Scripting vulnerability in Tine20 Tine 2.0 2017.08.3 | Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 5.4 |
2017-09-30 | CVE-2017-14920 | Cross-site Scripting vulnerability in Egroupware | Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. | 6.1 |
2017-09-30 | CVE-2017-14620 | Cross-site Scripting vulnerability in Smartertools Smarterstats 11.3.6347 | SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | 6.1 |
2017-09-30 | CVE-2017-14582 | Improper Certificate Validation vulnerability in Zohocorp Site24X7 Mobile Network Poller 1.1.4 | The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. | 5.9 |
2017-09-30 | CVE-2017-14352 | Cross-site Scripting vulnerability in HP Ucmdb Configuration Manager | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. | 6.1 |
2017-09-30 | CVE-2017-13991 | Information Exposure vulnerability in HP products | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | 5.3 |
2017-09-30 | CVE-2017-13990 | Information Exposure vulnerability in HP products | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | 5.3 |
2017-09-30 | CVE-2017-13988 | Unspecified vulnerability in HP products | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. | 6.5 |
2017-09-30 | CVE-2017-13987 | Unspecified vulnerability in HP products | An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | 6.5 |