Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-1000063 | Cross-site Scripting vulnerability in Kitto Project Kitto 0.5.1 kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | 6.1 |
| 2017-07-17 | CVE-2017-1000059 | Cross-site Scripting vulnerability in Livehelperchat Live Helper Chat Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. | 6.1 |
| 2017-07-17 | CVE-2017-1000058 | Cross-site Scripting vulnerability in Chevereto Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. | 6.1 |
| 2017-07-17 | CVE-2017-1000054 | Cross-site Scripting vulnerability in Rocketchat Rocket.Chat Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. | 6.1 |
| 2017-07-17 | CVE-2017-1000051 | Cross-site Scripting vulnerability in Xwiki Cryptpad Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content | 6.1 |
| 2017-07-17 | CVE-2017-1000043 | Cross-site Scripting vulnerability in Mapbox Mapbox.Js Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control | 6.1 |
| 2017-07-17 | CVE-2017-1000042 | Cross-site Scripting vulnerability in Mapbox Project Mapbox Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. | 6.1 |
| 2017-07-17 | CVE-2017-1000038 | Cross-site Scripting vulnerability in Relevanssi 3.5.7.1 WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site | 6.1 |
| 2017-07-17 | CVE-2017-1000035 | Cross-site Scripting vulnerability in Tt-Rss Tiny RSS Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack | 6.1 |
| 2017-07-17 | CVE-2017-1000033 | Cross-site Scripting vulnerability in Vospari Forms Project Vospari Forms Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. | 6.1 |