Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-12 CVE-2015-9097 CRLF Injection vulnerability in Mail Project Mail
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
network
low complexity
mail-project CWE-93
6.1
2017-06-12 CVE-2015-9096 CRLF Injection vulnerability in Ruby-Lang Ruby
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
network
low complexity
ruby-lang CWE-93
6.1
2017-06-12 CVE-2017-1278 Cross-site Scripting vulnerability in IBM products
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
2017-06-12 CVE-2017-1276 Cross-site Scripting vulnerability in IBM products
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-06-12 CVE-2017-1247 Cross-site Scripting vulnerability in IBM products
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-06-12 CVE-2017-1214 Information Exposure vulnerability in IBM Inotes
IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure.
network
low complexity
ibm CWE-200
5.7
2017-06-12 CVE-2017-7665 Cross-site Scripting vulnerability in Apache Nifi
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
network
low complexity
apache CWE-79
6.1
2017-06-12 CVE-2017-9548 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change).
network
low complexity
bigtreecms CWE-79
5.4
2017-06-12 CVE-2017-9547 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
network
low complexity
bigtreecms CWE-79
5.4
2017-06-12 CVE-2017-9546 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS
admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.
network
low complexity
bigtreecms CWE-79
5.7