Security Vulnerabilities - CVEs Published In October 2017
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904.
CVSS Score
6.7
EPSS Score
0.0
Published
2017-10-22
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-22
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-10-22
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-10-22
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-10-22
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-10-22
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-10-22
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-10-22
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-10-22
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-10-22