CVE-2017-18107 (crowd)

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

View Full Alert

Related Posts

  • CVE-2017-18615

    The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. View Full Alert

  • CVE-2017-18636

    CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. View Full Alert

  • CVE-2017-17944

    The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. View Full Alert