Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-27 CVE-2017-14762 Cross-site Scripting vulnerability in Genixcms 1.1.4
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.
network
low complexity
genixcms CWE-79
6.1
2017-09-27 CVE-2017-14761 Cross-site Scripting vulnerability in Genixcms 1.1.4
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.
network
low complexity
genixcms CWE-79
6.1
2017-09-27 CVE-2017-14753 Cross-site Scripting vulnerability in Eyesofnetwork 5.10
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
network
low complexity
eyesofnetwork CWE-79
5.4
2017-09-26 CVE-2017-14751 Cross-site Scripting vulnerability in Intensewp WP Jobs
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
network
low complexity
intensewp CWE-79
6.1
2017-09-26 CVE-2017-1531 Cross-site Scripting vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-09-26 CVE-2017-1530 Cross-site Scripting vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-09-26 CVE-2017-14748 Race Condition vulnerability in Blizzard Overwatch 1.15.0.2
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.
network
high complexity
blizzard CWE-362
5.3
2017-09-26 CVE-2017-1425 Cross-site Scripting vulnerability in IBM Business Process Manager 8.0.1.1/8.5.7.0
IBM Business Process Manager 8.0.1.1 and 8.5.7 are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-09-26 CVE-2015-7391 Cross-site Scripting vulnerability in Testlink
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php.
network
low complexity
testlink CWE-79
6.1
2017-09-26 CVE-2015-3248 Resource Exhaustion vulnerability in Openhpi 3.5.0
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for the /var/lib/openhpi directory, which allows local users, when quotas are not properly set up, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).
local
high complexity
openhpi CWE-400
4.7