CVE-2017-1000466
Invoice Ninja version 3.8.1 is vulnerable to a stored cross-site scripting vulnerability within the invoice creation page, which can result in disruption of service and execution of JavaScript code.
Source: CVE-2017-1000466
CVE-2017-1000463
Leafpub version 1.2.0-beta6 is vulnerable to a stored cross-site scripting vulnerability within the edit blog post page, which can result in disruption of service and execution of JavaScript code.
Source: CVE-2017-1000463
CVE-2017-1000459
Leanote version <= 2.5 is vulnerable to XSS due to unsanitized input in Markdown notes.
Source: CVE-2017-1000459
CVE-2017-1000438
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user’s file on the underlying filesystem, then manipulate the user’s data.
Source: CVE-2017-1000438
CVE-2017-1000437
Creolabs Gravity 1.0 contains a stack-based buffer overflow in the operator_string_add function, resulting in remote code execution.
Source: CVE-2017-1000437
CVE-2017-1000434
WordPress plugin Furikake version 0.1.0 is vulnerable to an open redirect. The furikake-redirect parameter on a page allows for a redirect to an attacker-controlled page. classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));
Source: CVE-2017-1000434
CVE-2017-1000432
Vanilla Forums below 2.1.5 are affected by CSRF leading to deleting topics and comments from forums Admin access.
Source: CVE-2017-1000432
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password.
Source: CVE-2017-1000433
CVE-2017-1000427
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
Source: CVE-2017-1000427
CVE-2017-1000425
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Source: CVE-2017-1000425