Security Vulnerabilities - CVEs Published In March 2017
XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-03-05
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.
CVSS Score
8.1
EPSS Score
0.003
Published
2017-03-05
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-05
FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-05
groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter).
CVSS Score
6.1
EPSS Score
0.004
Published
2017-03-05
Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-05
Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-05
Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-05
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-05
A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-05