Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27671 of 28111

CVE-2017-9072

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and...

CVE-2017-9066

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class.

CVE-2017-9061

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.

CVE-2017-9062

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

CVE-2017-9064

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

Author: Cyberthreat Blog

CVE-2017-9072

CVE-2017-9066

CVE-2017-9061

CVE-2017-9062

CVE-2017-9064