| Max CVSS | 9.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-4492 | 4.3 |
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
|
13-02-2023 - 04:47 | 07-12-2013 - 00:55 | |
| CVE-2017-2664 | 4.0 |
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion
|
09-10-2019 - 23:27 | 26-07-2018 - 14:29 | |
| CVE-2017-15125 | 3.5 |
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application admi
|
09-10-2019 - 23:24 | 27-07-2018 - 15:29 | |
| CVE-2017-12148 | 9.0 |
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook sour
|
09-10-2019 - 23:22 | 27-07-2018 - 16:29 | |
| CVE-2017-11610 | 9.0 |
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace looku
|
03-10-2019 - 00:03 | 23-08-2017 - 14:29 |