Security Vulnerabilities - CVEs Published In May 2017
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-05-12
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-05-12
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-05-12
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
CVSS Score
7.5
EPSS Score
0.016
Published
2017-05-12
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-05-12
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-05-12
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-05-12
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-05-12
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-05-12
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-05-12