CVE-2014-6189 CVSS:0.0
Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. (Last Update:2017-08-22) (Publish Update:2017-08-22)
CVE-2015-5258 CVSS:0.0
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. (Last Update:2017-08-22) (Publish Update:2017-08-22)
CVE-2017-7557 CVSS:0.0
dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack. (Last Update:2017-08-22) (Publish Update:2017-08-22)
CVE-2017-12978 CVSS:3.5
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. (Last Update:2017-08-22) (Publish Update:2017-08-21)
CVE-2017-12979 CVSS:0.0
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. (Last Update:2017-08-21) (Publish Update:2017-08-21)
CVE-2017-12980 CVSS:0.0
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. (Last Update:2017-08-21) (Publish Update:2017-08-21)
CVE-2017-12981 CVSS:0.0
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. (Last Update:2017-08-21) (Publish Update:2017-08-21)
CVE-2017-12984 CVSS:0.0
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. (Last Update:2017-08-21) (Publish Update:2017-08-21)
CVE-2017-5187 CVSS:0.0
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. (Last Update:2017-08-21) (Publish Update:2017-08-21)
CVE-2017-7421 CVSS:0.0
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. (Last Update:2017-08-21) (Publish Update:2017-08-21)
This vulnerability list is provided by www.cvedetails.com