Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-25 | CVE-2017-1555 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. | 4.3 |
2017-09-25 | CVE-2017-1551 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
2017-09-25 | CVE-2017-1424 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0 IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. | 5.4 |
2017-09-25 | CVE-2017-1235 | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. | 6.5 |
2017-09-25 | CVE-2017-14506 | Cross-site Scripting vulnerability in Geminabox Project Geminabox geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | 5.4 |
2017-09-23 | CVE-2017-14726 | Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | 6.1 |
2017-09-23 | CVE-2017-14725 | Open Redirect vulnerability in Wordpress Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | 5.4 |
2017-09-23 | CVE-2017-14724 | Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | 6.1 |
2017-09-23 | CVE-2017-14721 | Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | 6.1 |
2017-09-23 | CVE-2017-14720 | Cross-site Scripting vulnerability in Wordpress Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | 6.1 |