Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-25 CVE-2017-1555 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan.
network
low complexity
ibm CWE-20
4.3
2017-09-25 CVE-2017-1551 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-20
6.1
2017-09-25 CVE-2017-1424 Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-09-25 CVE-2017-1235 Unspecified vulnerability in IBM WebSphere MQ
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service.
network
low complexity
ibm
6.5
2017-09-25 CVE-2017-14506 Cross-site Scripting vulnerability in Geminabox Project Geminabox
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
network
low complexity
geminabox-project CWE-79
5.4
2017-09-23 CVE-2017-14726 Cross-site Scripting vulnerability in WordPress
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
network
low complexity
wordpress CWE-79
6.1
2017-09-23 CVE-2017-14725 Open Redirect vulnerability in WordPress
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
network
low complexity
wordpress CWE-601
5.4
2017-09-23 CVE-2017-14724 Cross-site Scripting vulnerability in WordPress
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
network
low complexity
wordpress CWE-79
6.1
2017-09-23 CVE-2017-14721 Cross-site Scripting vulnerability in WordPress
Before version 4.8.2, WordPress allowed cross-site scripting in the plugin editor via a crafted plugin name.
network
low complexity
wordpress CWE-79
6.1
2017-09-23 CVE-2017-14720 Cross-site Scripting vulnerability in WordPress
Before version 4.8.2, WordPress allowed a cross-site scripting attack in the template list view via a crafted template name.
network
low complexity
wordpress CWE-79
6.1