Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-06 | CVE-2016-1174 | Cross-Site Request Forgery (CSRF) vulnerability in Hiniarata Casebook Plugin: Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | 6.8 |
2016-04-06 | CVE-2016-1173 | Cross-site Scripting vulnerability in Hiniarata Casebook Plugin: Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2016-04-06 | CVE-2016-1172 | Cross-Site Request Forgery (CSRF) vulnerability in Hiniarata Casebook Plugin: Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | 6.8 |
2016-04-06 | CVE-2016-1171 | Cross-site Scripting vulnerability in Hiniarata Casebook Plugin: Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2016-04-06 | CVE-2016-1170 | Cross-Site Request Forgery (CSRF) vulnerability in Hiniarata Casebook Plugin 0.9.3: Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators. | 6.8 |
2016-04-06 | CVE-2016-1169 | Cross-site Scripting vulnerability in Hiniarata Casebook Plugin 0.9.3: Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2016-04-06 | CVE-2016-0871 | Information Exposure vulnerability in Eaton Lighting Systems EG2 web Control: Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. | 5.0 |
2016-04-06 | CVE-2015-7921 | Credentials Management vulnerability in Schneider-Electric products: The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. | 6.4 |
2016-04-06 | CVE-2016-3969 | Cross-site Scripting vulnerability in McAfee Email Gateway: Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email. | 4.3 |
2016-04-06 | CVE-2016-3968 | Cross-site Scripting vulnerability in Sophos products: Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header. | 4.3 |