CVE-2016-10378 CVSS:0.0
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2016-10379 CVSS:0.0
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2017-7917 CVSS:0.0
A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device. (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2017-9288 CVSS:0.0
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2017-9289 CVSS:0.0
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2017-9292 CVSS:0.0
Lansweeper before has XSS in an image retrieval URI, aka Bug 542782. (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2017-9298 CVSS:0.0
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2017-9299 CVSS:0.0
Open Ticket Request System (OTRS) 3.3.9 has XSS in requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2017-9243 CVSS:0.0
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. (Last Update:2017-05-28) (Publish Update:2017-05-28)
CVE-2017-9249 CVSS:0.0
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php. (Last Update:2017-05-28) (Publish Update:2017-05-28)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by