Medium Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-0682)	CVE-2010-0682 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5106)	CVE-2010-5106 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5293)	CVE-2010-5293 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5296)	CVE-2010-5296 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5270)	CVE-2011-5270 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2401)	CVE-2012-2401 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2402)	CVE-2012-2402 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3385)	CVE-2012-3385 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4421)	CVE-2012-4421 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6634)	CVE-2012-6634 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6635)	CVE-2012-6635 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2199)	CVE-2013-2199 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2200)	CVE-2013-2200 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2203)	CVE-2013-2203 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0165)	CVE-2014-0165 CWE-264	CWE-264	Medium
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5715)	CVE-2015-5715 CWE-264	CWE-264	Medium
WordPress pingback scanner	CVE-2013-0235 CWE-918	CWE-918	Medium
WordPress Resource Management Errors Vulnerability (CVE-2014-5265)	CVE-2014-5265		Medium
WordPress Resource Management Errors Vulnerability (CVE-2014-5266)	CVE-2014-5266		Medium
WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590)	CVE-2022-3590 CWE-367	CWE-367	Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14725)	CVE-2017-14725 CWE-601	CWE-601	Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)	CVE-2018-10100 CWE-601	CWE-601	Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)	CVE-2018-10101 CWE-601	CWE-601	Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-16220)	CVE-2019-16220 CWE-601	CWE-601	Medium
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-4048)	CVE-2020-4048 CWE-601	CWE-601	Medium
WordPress username enumeration	CWE-200	CWE-200	Medium
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295)	CVE-2017-8295 CWE-640	CWE-640	Medium
WordPress XML-RPC authentication brute force	CWE-521	CWE-521	Medium
XOOPS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3822)	CVE-2011-3822 CWE-200	CWE-200	Medium
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-2516)	CVE-2006-2516 CWE-22	CWE-22	Medium
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6884)	CVE-2008-6884 CWE-22	CWE-22	Medium
XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)	CVE-2008-0613 CWE-59	CWE-59	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2003-1453)	CVE-2003-1453 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2004-2756)	CVE-2004-2756 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2035)	CVE-2008-2035 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3295)	CVE-2008-3295 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4432)	CVE-2008-4432 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4435)	CVE-2008-4435 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6885)	CVE-2008-6885 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2783)	CVE-2009-2783 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4565)	CVE-2011-4565 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0984)	CVE-2012-0984 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7944)	CVE-2017-7944 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12139)	CVE-2017-12139 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16683)	CVE-2019-16683 CWE-707	CWE-707	Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16684)	CVE-2019-16684 CWE-707	CWE-707	Medium
XOOPS Other Vulnerability (CVE-2005-2112)	CVE-2005-2112		Medium
XOOPS Other Vulnerability (CVE-2005-3680)	CVE-2005-3680		Medium
XOOPS Other Vulnerability (CVE-2006-5810)	CVE-2006-5810		Medium
XOOPS Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4851)	CVE-2009-4851 CWE-264	CWE-264	Medium
XOOPS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-12138)	CVE-2017-12138 CWE-601	CWE-601	Medium
XSS on Apache HTTP Server 413 error pages via malformed HTTP method	CVE-2007-6203 CWE-79	CWE-79	Medium
YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-4092)	CVE-2021-4092 CWE-352	CWE-352	Medium
YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4111)	CVE-2021-4111 CWE-20	CWE-20	Medium
YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4117)	CVE-2021-4117 CWE-20	CWE-20	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4107)	CVE-2021-4107 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4116)	CVE-2021-4116 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4121)	CVE-2021-4121 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1340)	CVE-2022-1340 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2829)	CVE-2022-2829 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2885)	CVE-2022-2885 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2890)	CVE-2022-2890 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2924)	CVE-2022-2924 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3000)	CVE-2022-3000 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3002)	CVE-2022-3002 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3004)	CVE-2022-3004 CWE-707	CWE-707	Medium
YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3005)	CVE-2022-3005 CWE-707	CWE-707	Medium
YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411)	CVE-2022-1411 CWE-434	CWE-434	Medium
Yii2 debug toolkit	CWE-200	CWE-200	Medium
Yii2 Gii extension	CWE-200	CWE-200	Medium
Yii2 weak secret key	CWE-693	CWE-693	Medium
Yii debug mode enabled	CWE-16	CWE-16	Medium
Yii running in dev mode	CWE-16	CWE-16	Medium
YOURLS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3824)	CVE-2011-3824 CWE-200	CWE-200	Medium
YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-8488)	CVE-2014-8488 CWE-707	CWE-707	Medium