Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-28 | CVE-2017-14622 | Cross-site Scripting vulnerability in 2Kblater 2KB Amazon Affiliates Store | Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php. | 6.1 |
2017-09-28 | CVE-2017-14525 | Open Redirect vulnerability in Opentext Documentum Administrator and Documentum Webtop | Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 6.1 |
2017-09-28 | CVE-2017-14524 | Open Redirect vulnerability in Opentext Documentum Administrator and Documentum Webtop | Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 6.1 |
2017-09-28 | CVE-2015-7349 | Cross-site Scripting vulnerability in Vasco Digipass | Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter. | 6.1 |
2017-09-28 | CVE-2015-7256 | Cryptographic Issues vulnerability in Zyxel products | ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. | 5.9 |
2017-09-28 | CVE-2015-5613 | Cross-site Scripting vulnerability in Octobercms October | Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | 5.4 |
2017-09-28 | CVE-2015-1526 | Integer Overflow or Wraparound vulnerability in Google Android | The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | 5.5 |
2017-09-28 | CVE-2014-9686 | Resource Management Errors vulnerability in Mapsplugin Googlemaps 3.0/3.2 | The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. | 5.9 |
2017-09-28 | CVE-2014-8878 | Cryptographic Issues vulnerability in KDE Kmail 4.11.5 | KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.9 |
2017-09-27 | CVE-2017-14765 | Cross-site Scripting vulnerability in Genixcms 1.1.4 | In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request. | 6.1 |