Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2017-04-28 | CVE-2017-1141 | Information Exposure vulnerability in IBM Insights Foundation for Energy 1.0/1.5/1.6 | IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. | network, low complexity, ibm, CWE-200 | 4.3 |
| 2017-04-28 | CVE-2017-2152 | OS Command Injection vulnerability in Buffalo INC Wnc01Wh Firmware 1.0.0.9 | WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | low complexity, buffalo-inc, CWE-78 | 6.8 |
| 2017-04-28 | CVE-2017-2151 | Cross-site Scripting vulnerability in Booking Calendar Project Booking Calendar | Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, low complexity, booking-calendar-project, CWE-79 | 6.1 |
| 2017-04-28 | CVE-2017-2150 | Path Traversal vulnerability in Booking Calendar Project Booking Calendar | Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via a specially crafted captcha_chalange parameter. | network, low complexity, booking-calendar-project, CWE-22 | 5.3 |
| 2017-04-28 | CVE-2017-2148 | Cross-site Scripting vulnerability in Iodata Wn-Ac1167Gr Firmware 1.04 | Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | network, low complexity, iodata, CWE-79 | 5.4 |
| 2017-04-28 | CVE-2017-2147 | Cross-site Scripting vulnerability in Wp-Statistics WP Statistics | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, low complexity, wp-statistics, CWE-79 | 6.1 |
| 2017-04-28 | CVE-2017-2143 | Forced Browsing vulnerability in Frogman Office INC products | CS-Cart Japanese Edition v4.3.10-jp-1 and earlier and CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allow remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. | network, low complexity, frogman-office-inc, CWE-425 | 5.3 |
| 2017-04-28 | CVE-2017-2139 | Forced Browsing vulnerability in Frogman Office INC Cs-Cart 4.3.10 | CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3) and CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allow remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | network, low complexity, frogman-office-inc, CWE-425 | 5.3 |
| 2017-04-28 | CVE-2017-2136 | Cross-site Scripting vulnerability in WP Statistics WP Statistics | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | network, low complexity, wp-statistics, CWE-79 | 6.1 |
| 2017-04-28 | CVE-2017-2135 | Cross-site Scripting vulnerability in Wp-Statistics WP Statistics | Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, low complexity, wp-statistics, CWE-79 | 6.1 |