Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-09-25 | CVE-2015-4668 | Open Redirect vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 | Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | network | low complexity | xceedium | CWE-601 | 6.1 |
| 2017-09-25 | CVE-2010-3050 | Improper Input Validation vulnerability in Cisco IOS | Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). | network | low complexity | cisco | CWE-20 | 6.5 |
| 2017-09-25 | CVE-2010-3049 | Improper Input Validation vulnerability in Cisco IOS | Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). | local | low complexity | cisco | CWE-20 | 5.5 |
| 2017-09-25 | CVE-2017-9551 | Cross-site Scripting vulnerability in Mahara | Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potentially dangerous payload, e.g. | network | low complexity | mahara | CWE-79 | 6.1 |
| 2017-09-25 | CVE-2017-1555 | Improper Input Validation vulnerability in IBM API Connect | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. | network | low complexity | ibm | CWE-20 | 4.3 |
| 2017-09-25 | CVE-2017-1551 | Improper Input Validation vulnerability in IBM API Connect | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. | network | low complexity | ibm | CWE-20 | 6.1 |
| 2017-09-25 | CVE-2017-1424 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0 | IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2017-09-25 | CVE-2017-1235 | Unspecified vulnerability in IBM WebSphere MQ | IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. | network | low complexity | ibm | | 6.5 |
| 2017-09-25 | CVE-2017-14506 | Cross-site Scripting vulnerability in Geminabox Project Geminabox | geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | network | low complexity | geminabox-project | CWE-79 | 5.4 |
| 2017-09-23 | CVE-2017-14726 | Cross-site Scripting vulnerability in WordPress | Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | network | low complexity | wordpress | CWE-79 | 6.1 |