LiveActive security incident?Get immediate response
CVE archive

June 2017

Browse CVE records published in June 2017, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1499 matching CVEs · Page 2 of 30.

Medium · CVSS 6.3

CVE-2017-20017: The Next Generation of Genealogy Sitebuilding timeline2.php sql injection

A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 5, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20018: XAMPP Installer uncontrolled search path

A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely.

Published Jun 9, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20019: Solare Solar-Log Config information disclosure

A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 9, 2022 · Updated Apr 15, 2025

Medium · CVSS 5.3

CVE-2017-20020: Solare Solar-Log cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 9, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.5

CVE-2017-20021: Solare Solar-Log File Upload privileges management

A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 9, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20023: Solare Solar-Log Network Config privileges management

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 9, 2022 · Updated Apr 15, 2025

Medium · CVSS 5.3

CVE-2017-20024: Solare Solar-Log denial of service

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 9, 2022 · Updated Apr 15, 2025

High · CVSS 7.3

CVE-2017-20025: Solare Solar-Log Flash Memory privileges management

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 9, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20026: HumHub Reflected cross site scriting

A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 9, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20027: HumHub DOM cross site scriting

A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 9, 2022 · Updated Apr 15, 2025

Medium · CVSS 5.6

CVE-2017-20028: HumHub privileges management

A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 9, 2022 · Updated Apr 15, 2025

High · CVSS 7.3

CVE-2017-20029: PHPList Edit Subscription index.php sql injection

A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 10, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.7

CVE-2017-20030: PHPList Sending Campain sql injection

A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 10, 2022 · Updated Apr 15, 2025

Low · CVSS 2.7

CVE-2017-20031: PHPList information disclosure

A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 10, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20032: PHPList Subscription sql injection

A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 10, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20033: PHPList Reflected cross site scriting

A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 10, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2017-20034: PHPList List Name Persistent cross site scriting

A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 10, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2017-20035: PHPList Subscribe Persistent cross site scriting

A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 10, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2017-20036: PHPList Bounce Rule Persistent cross site scriting

A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 10, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20037: SICUNET Access Controller privileges management

A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.

Published Jun 11, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20038: SICUNET Access Controller card_scan_decoder.php privileges management

A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely.

Published Jun 11, 2022 · Updated Apr 15, 2025

Critical · CVSS 9.8

CVE-2017-20039: SICUNET Access Controller hard-coded password

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely.

Published Jun 11, 2022 · Updated Apr 15, 2025

Medium · CVSS 5.9

CVE-2017-20040: SICUNET Access Controller Password Storage cleartext storage

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement.

Published Jun 11, 2022 · Updated Apr 15, 2025

Medium · CVSS 5.4

CVE-2017-20041: Ucweb UC Browser HTML URL improper restriction of rendered ui layers

A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Published Jun 13, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20042: Navetti PricePoint Blind sql injection

A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 13, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20043: Navetti PricePoint Persistent cross site scriting

A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 13, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20044: Navetti PricePoint Reflected cross site scriting

A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 13, 2022 · Updated Apr 15, 2025

High · CVSS 7.3

CVE-2017-20045: Navetti PricePoint cross-site request forgery

A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 13, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20051: InnoSetup Installer uncontrolled search path

A vulnerability was found in InnoSetup Installer. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Published Jun 16, 2022 · Updated Apr 15, 2025

Medium · CVSS 5

CVE-2017-20052: Python pgAdmin4 uncontrolled search path

A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Published Jun 16, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20053: XYZScripts Contact Form Manager Plugin cross-site request forgery

A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Published Jun 16, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2017-20054: XYZScripts Contact Form Manager Plugin cross site scriting

A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Published Jun 16, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2017-20055: BestWebSoft Contact Form Plugin Stored cross site scriting

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 16, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2017-20056: weblizar User Login Log Plugin Stored cross site scriting

A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Published Jun 16, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20057: Elefant CMS Persistent cross site scriting

A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 20, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20058: Elefant CMS Version Comparison Persistent cross site scriting

A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 20, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2017-20059: Elefant CMS Title Persistent cross site scriting

A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror=alert(1)> leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 20, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2017-20060: Elefant CMS Blog Post Persistent cross site scriting

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 20, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20061: Elefant CMS extended Reflected cross site scriting

A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 20, 2022 · Updated Apr 15, 2025

Medium · CVSS 5

CVE-2017-20062: Elefant CMS cross-site request forgery

A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 20, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20063: Elefant CMS File Upload drop privileges management

A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 20, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20064: Elefant CMS layout code injection

A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Published Jun 20, 2022 · Updated Apr 15, 2025

Medium · CVSS 4.3

CVE-2017-20065: Supsystic Popup Plugin cross-site request forgery

A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Published Jun 20, 2022 · Updated Apr 15, 2025

Medium · CVSS 5.3

CVE-2017-20066: Adminer Login access control

A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Published Jun 20, 2022 · Updated Apr 15, 2025

High · CVSS 7.3

CVE-2017-20067: Hindu Matrimonial Script sql injection

A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Published Jun 21, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20068: Hindu Matrimonial Script usermanagement.php privileges management

A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Published Jun 21, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20069: Hindu Matrimonial Script countrymanagement.php privileges management

A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Published Jun 21, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20070: Hindu Matrimonial Script communitymanagement.php privileges management

A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Published Jun 21, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20071: Hindu Matrimonial Script renewaldue.php privileges management

A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Published Jun 21, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.3

CVE-2017-20072: Hindu Matrimonial Script generalsettings.php privileges management

A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Published Jun 21, 2022 · Updated Apr 15, 2025