In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.

An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes. Based on the gathered information, it is possible to reverse-engineer the executed instructions. The processor acts as a kind of "instruction oracle."

The wp-all-import plugin before 3.4.7 for WordPress has XSS.

The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.

The rimons-twitter-widget plugin before 1.3 for WordPress has XSS.

The realty plugin before 1.1.0 for WordPress has multiple XSS issues.

The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288.

The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.

The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.

The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.

The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.

The moreads-se plugin before 1.4.7 for WordPress has XSS.

The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.

The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.

The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book.

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages.

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.