Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-04-17	CVE-2016-4870	Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. network low complexity cybozu CWE-79	5.4
2017-04-17	CVE-2016-4869	Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. network low complexity cybozu CWE-200	6.5
2017-04-17	CVE-2016-4868	Improper Input Validation vulnerability in Cybozu Office Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. network low complexity cybozu CWE-20	4.3
2017-04-17	CVE-2016-4867	Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. network low complexity cybozu CWE-200	4.3
2017-04-17	CVE-2016-4866	Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. network low complexity cybozu CWE-79	4.8
2017-04-17	CVE-2016-4865	Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. network low complexity cybozu CWE-79	4.8
2017-04-17	CVE-2017-7891	Cross-site Scripting vulnerability in Sourcebans-Pp Project Sourcebans-Pp 1.5.4.7 sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. network low complexity sourcebans-pp-project CWE-79	6.1
2017-04-14	CVE-2017-7871	Cross-site Scripting vulnerability in TDM Project TDM 20170412 trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter). network low complexity tdm-project CWE-79	6.1
2017-04-14	CVE-2017-7188	Cross-site Scripting vulnerability in Zurmo CRM Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. network low complexity zurmo CWE-79	5.4
2017-04-14	CVE-2016-7060	Information Exposure vulnerability in Redhat Quickstart Cloud Installer 1.0 The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display. low complexity redhat CWE-200	4.6

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium