Security Vulnerabilities - CVEs Published In October 2017
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-10-23

The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-10-23

The Easy Appointments plugin before 1.12.0 for WordPress has XSS via Settings values in the admin panel.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-10-23

Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-10-23

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.
CVSS Score: 7.5 | EPSS Score: 0.017 | Published: 2017-10-23

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2017-10-23

Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2017-10-23

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
CVSS Score: 6.7 | EPSS Score: 0.0 | Published: 2017-10-23

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.
CVSS Score: 6.7 | EPSS Score: 0.0 | Published: 2017-10-23

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.
CVSS Score: 6.7 | EPSS Score: 0.0 | Published: 2017-10-23

