Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-17 | CVE-2016-3038 | Cross-site Scripting vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. | 5.4 |
| 2017-04-17 | CVE-2016-3037 | Information Exposure vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. | 5.7 |
| 2017-04-17 | CVE-2016-0228 | Open Redirect vulnerability in IBM Marketing Platform 10.0 IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. | 5.4 |
| 2017-04-17 | CVE-2015-8256 | Cross-site Scripting vulnerability in Axis Network Camera Firmware Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. | 6.1 |
| 2017-04-17 | CVE-2016-4873 | Permission Issues vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. | 4.3 |
| 2017-04-17 | CVE-2016-4872 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. | 4.3 |
| 2017-04-17 | CVE-2016-4871 | Resource Management Errors vulnerability in Cybozu Office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | 6.5 |
| 2017-04-17 | CVE-2016-4870 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. | 5.4 |
| 2017-04-17 | CVE-2016-4869 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | 6.5 |
| 2017-04-17 | CVE-2016-4868 | Improper Input Validation vulnerability in Cybozu Office Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | 4.3 |