Security Vulnerabilities - CVEs Published In January 2018
Leanote version <= 2.5 is vulnerable to XSS due to unsanitized input in markdown notes.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-01-03

Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting within the edit blog post page, which can result in disruption of service and execution of JavaScript code.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2018-01-03

Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2018-01-02

marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2018-01-02

Vanilla Forums versions below 2.1.5 are affected by CSRF leading to deletion of topics and comments from forums (Admin access).
CVSS Score: 8.0
EPSS Score: 0.002
Published: 2018-01-02

pysaml2 version 4.4.0 and older accepts any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password.
CVSS Score: 8.1
EPSS Score: 0.021
Published: 2018-01-02

WordPress plugin Furikake version 0.1.0 is vulnerable to an open redirect. The furikake-redirect parameter on a page allows for a redirect to an attacker-controlled page. classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-01-02

Creolabs Gravity 1.0 contains a stack-based buffer overflow in the operator_string_add function, resulting in remote code execution.
CVSS Score: 9.8
EPSS Score: 0.033
Published: 2018-01-02

In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.
CVSS Score: 8.3
EPSS Score: 0.005
Published: 2018-01-02

MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-01-02

