Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-25 | CVE-2015-4668 | Open Redirect vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | 6.1 |
2017-09-25 | CVE-2010-3050 | Improper Input Validation vulnerability in Cisco IOS Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). | 6.5 |
2017-09-25 | CVE-2010-3049 | Improper Input Validation vulnerability in Cisco IOS Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). | 5.5 |
2017-09-25 | CVE-2017-9551 | Cross-site Scripting vulnerability in Mahara Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. | 6.1 |
2017-09-25 | CVE-2017-1555 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. | 4.3 |
2017-09-25 | CVE-2017-1551 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
2017-09-25 | CVE-2017-1424 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0 IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. | 5.4 |
2017-09-25 | CVE-2017-1235 | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. | 6.5 |
2017-09-25 | CVE-2017-14506 | Cross-site Scripting vulnerability in Geminabox Project Geminabox geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | 5.4 |
2017-09-23 | CVE-2017-14726 | Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | 6.1 |