Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-19 | CVE-2017-7907 | XXE vulnerability in Schneider-Electric Wonderware Historian Client 2014R2 An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. | 6.6 |
| 2017-05-18 | CVE-2017-9072 | Cross-site Scripting vulnerability in Calendarxp Flatcalendarxp and Popcalendarxp Two CalendarXP products have XSS in common parts of HTML files. | 6.1 |
| 2017-05-18 | CVE-2017-9071 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. | 4.7 |
| 2017-05-18 | CVE-2017-9070 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. | 5.4 |
| 2017-05-18 | CVE-2017-9068 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. | 6.1 |
| 2017-05-18 | CVE-2017-9063 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | 6.1 |
| 2017-05-18 | CVE-2017-9061 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. | 6.1 |
| 2017-05-18 | CVE-2017-7433 | Path Traversal vulnerability in Micro Focus Vibe An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. | 6.5 |
| 2017-05-18 | CVE-2017-9059 | Improper Resource Shutdown or Release vulnerability in Linux Kernel The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak. | 5.5 |
| 2017-05-18 | CVE-2017-9045 | Missing Encryption of Sensitive Data vulnerability in Google I/O 2017 5.0.3 The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file. | 5.9 |