| Max CVSS | 5.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-4492 | 4.3 |
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
|
13-02-2023 - 04:47 | 07-12-2013 - 00:55 | |
| CVE-2017-12195 | 5.8 |
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication
|
12-02-2023 - 23:28 | 27-07-2018 - 15:29 | |
| CVE-2017-15125 | 3.5 |
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application admi
|
09-10-2019 - 23:24 | 27-07-2018 - 15:29 | |
| CVE-2017-1000095 | 4.0 |
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 |