Vulnerability Summary for the Week of January 2, 2017

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Each entry lists the primary vendor -- product; the CVE identity, date published and CVSS score; the description; and the types of reference cited by NVD for it.

arista -- dcs-7050t_eos_software
  CVE-2016-6894 | Published 2017-01-04 | CVSS 7.8
  Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.
  References: BID, CONFIRM

awebsupport -- aweb_cart_watching_system_for_virtuemart
  CVE-2016-10114 | Published 2017-01-03 | CVSS 7.5
  SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.
  References: BID, MISC

genexis -- drgos
  CVE-2015-3441 | Published 2017-01-05 | CVSS 9.0
  The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter.
  References: MISC

genixcms_project -- genixcms
  CVE-2016-10096 | Published 2017-01-01 | CVSS 7.5
  SQL injection vulnerability in register. in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
  References: MISC, BID, MISC, MISC

icu_project -- international_components_for_unicode
  CVE-2014-9911 | Published 2017-01-04 | CVSS 7.5
  Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.
  References: CONFIRM, MLIST, BID, CONFIRM, CONFIRM

libgd -- libgd
  CVE-2016-8670 | Published 2017-01-04 | CVSS 7.5
  Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
  References: MLIST, CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM

libvncserver_project -- libvncserver
  CVE-2016-9941 | Published 2016-12-31 | CVSS 7.5
  Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
  References: BID, CONFIRM, CONFIRM

libvncserver_project -- libvncserver
  CVE-2016-9942 | Published 2016-12-31 | CVSS 7.5
  Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
  References: BID, CONFIRM, CONFIRM

linux -- linux_kernel
  CVE-2016-9754 | Published 2017-01-05 | CVSS 7.2
  The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.
  References: CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM

matrixssl -- matrixssl
  CVE-2016-6890 | Published 2017-01-05 | CVSS 10.0
  Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate.
  References: BID, MISC, CONFIRM, CERT-VN

netgear -- arlo_base_station_firmware
  CVE-2016-10115 | Published 2017-01-04 | CVSS 10.0
  NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.
  References: MISC, MISC, BID

netgear -- arlo_base_station_firmware
  CVE-2016-10116 | Published 2017-01-04 | CVSS 9.3
  NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack.
  References: MISC, MISC, BID

openbsd -- openssh
  CVE-2016-10009 | Published 2017-01-04 | CVSS 7.5
  Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
  References: MISC, MLIST, BID, SECTRACK, CONFIRM, MISC, CONFIRM, EXPLOIT-DB, CONFIRM

openbsd -- openssh
  CVE-2016-10012 | Published 2017-01-04 | CVSS 7.2
  The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
  References: MLIST, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM

php -- php
  CVE-2014-9912 | Published 2017-01-04 | CVSS 7.5
  The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.
  References: MLIST, CONFIRM, BID, CONFIRM, CONFIRM

php -- php
  CVE-2016-9137 | Published 2017-01-04 | CVSS 7.5
  Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.
  References: CONFIRM, MLIST, CONFIRM, CONFIRM, BID, CONFIRM

php -- php
  CVE-2016-9138 | Published 2017-01-04 | CVSS 7.5
  PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
  References: MLIST, BID, CONFIRM

php -- php
  CVE-2016-9935 | Published 2017-01-04 | CVSS 7.5
  The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
  References: SUSE, DEBIAN, MLIST, CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM

php -- php
  CVE-2016-9936 | Published 2017-01-04 | CVSS 7.5
  The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.
  References: MLIST, CONFIRM, BID, CONFIRM, CONFIRM

piwigo -- piwigo
  CVE-2016-10105 | Published 2017-01-03 | CVSS 7.5
  admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
  References: BID, CONFIRM, CONFIRM, CONFIRM

quick_heal -- internet_security
  CVE-2017-5005 | Published 2017-01-02 | CVSS 7.5
  Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.
  References: BID, MISC, MISC

s9y -- serendipity
  CVE-2016-10082 | Published 2016-12-30 | CVSS 7.5
  include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
  References: BID, CONFIRM, CONFIRM

schedmd -- slurm
  CVE-2016-10030 | Published 2017-01-05 | CVSS 7.6
  The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 ("success") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue.
  References: CONFIRM, CONFIRM

swiftmailer -- swiftmailer
  CVE-2016-10074 | Published 2016-12-30 | CVSS 7.5
  The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
  References: MISC, FULLDISC, BID, CONFIRM, MISC, EXPLOIT-DB

veritas -- netbackup_appliance_firmware
  CVE-2016-7399 | Published 2017-01-04 | CVSS 10.0
  scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
  References: MISC, BID, CONFIRM, CONFIRM

western_digital -- mycloud_nas
  CVE-2016-10107 | Published 2017-01-03 | CVSS 10.0
  Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
  References: BID, MISC

western_digital -- mycloud_nas
  CVE-2016-10108 | Published 2017-01-03 | CVSS 10.0
  Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
  References: BID, MISC

zend -- zend-mail
  CVE-2016-10034 | Published 2016-12-30 | CVSS 7.5
  The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
  References: BID, CONFIRM, MISC

Medium Severity Vulnerabilities

Each entry lists the primary vendor -- product; the CVE identity, date published and CVSS score; the description; and the types of reference cited by NVD for it.

borg -- borg
  CVE-2016-10099 | Published 2017-01-02 | CVSS 5.0
  Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.
  References: CONFIRM, BID

borg -- borg
  CVE-2016-10100 | Published 2017-01-02 | CVSS 5.0
  Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.
  References: CONFIRM, BID

dotclear -- dotclear
  CVE-2016-7902 | Published 2017-01-04 | CVSS 6.5
  Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20.
  References: MLIST, BID, CONFIRM, CONFIRM

dotclear -- dotclear
  CVE-2016-7903 | Published 2017-01-04 | CVSS 4.3
  Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
  References: MLIST, BID, CONFIRM, CONFIRM

f5 -- big-ip_advanced_firewall_manager
  CVE-2016-5024 | Published 2017-01-03 | CVSS 4.3
  Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.
  References: BID, SECTRACK, CONFIRM

forgerock -- openam
  CVE-2016-10097 | Published 2017-01-02 | CVSS 5.0
  XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
  References: MISC, BID

hybris -- hybris
  CVE-2016-6856 | Published 2016-12-31 | CVSS 4.3
  Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.
  References: BID, MISC

libgd -- libgd
  CVE-2016-9933 | Published 2017-01-04 | CVSS 5.0
  Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
  References: SUSE, SUSE, SUSE, MLIST, CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

linux -- linux_kernel
  CVE-2016-10088 | Published 2016-12-30 | CVSS 6.9
  The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
  References: CONFIRM, MLIST, BID, SECTRACK, CONFIRM

matrixssl -- matrixssl
  CVE-2016-6891 | Published 2017-01-05 | CVSS 5.0
  MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate.
  References: BID, MISC, CONFIRM, CERT-VN

matrixssl -- matrixssl
  CVE-2016-6892 | Published 2017-01-05 | CVSS 5.0
  The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
  References: BID, MISC, CONFIRM, CERT-VN

netgear -- srx5308_firmware
  CVE-2016-10106 | Published 2017-01-03 | CVSS 4.0
  Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.
  References: CONFIRM, BID

openbsd -- openssh
  CVE-2016-10010 | Published 2017-01-04 | CVSS 6.9
  sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
  References: MISC, MLIST, BID, SECTRACK, CONFIRM, MISC, CONFIRM, EXPLOIT-DB, CONFIRM

php -- php
  CVE-2016-9934 | Published 2017-01-04 | CVSS 5.0
  ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
  References: SUSE, MLIST, CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM

phpmailer_project -- phpmailer
  CVE-2016-10033 | Published 2016-12-30 | CVSS 6.8
  The mailSend function in the isMail transport in PHPMailer before 5.2.18, when the Sender property is not set, might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted From address.
  References: MISC, MISC, FULLDISC, MISC, BUGTRAQ, BID, CONFIRM, CONFIRM, CONFIRM, MISC, CONFIRM, EXPLOIT-DB, EXPLOIT-DB

phpmailer_project -- phpmailer
  CVE-2016-10045 | Published 2016-12-30 | CVSS 6.8
  The isMail transport in PHPMailer before 5.2.20, when the Sender property is not set, might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
  References: MLIST, MISC, MISC, FULLDISC, MISC, BUGTRAQ, BID, CONFIRM, CONFIRM, CONFIRM, MISC, EXPLOIT-DB

piwigo -- piwigo
  CVE-2016-10083 | Published 2016-12-30 | CVSS 4.3
  Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
  References: BID, CONFIRM, CONFIRM

piwigo -- piwigo
  CVE-2016-10084 | Published 2016-12-30 | CVSS 6.5
  admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
  References: BID, CONFIRM, CONFIRM

piwigo -- piwigo
  CVE-2016-10085 | Published 2016-12-30 | CVSS 6.5
  admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
  References: BID, CONFIRM, CONFIRM

sap -- hybris
  CVE-2016-6859 | Published 2016-12-31 | CVSS 4.0
  Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace.
  References: BID, MISC

torproject -- tor
  CVE-2016-8860 | Published 2017-01-04 | CVSS 5.0
  Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
  References: MLIST, BID, CONFIRM, CONFIRM, CONFIRM

wordpress -- wordpress
  CVE-2016-7168 | Published 2017-01-04 | CVSS 4.3
  Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.
  References: MLIST, MLIST, BID, CONFIRM, CONFIRM, MISC, CONFIRM

wordpress -- wordpress
  CVE-2016-7169 | Published 2017-01-04 | CVSS 6.5
  Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
  References: BID, CONFIRM, CONFIRM, CONFIRM

Low Severity Vulnerabilities

Each entry lists the primary vendor -- product; the CVE identity, date published and CVSS score; the description; and the types of reference cited by NVD for it.

mcafee -- security_information_and_event_management
  CVE-2016-8006 | Published 2017-01-05 | CVSS 1.7
  Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands.
  References: CONFIRM

openbsd -- openssh
  CVE-2016-10011 | Published 2017-01-04 | CVSS 2.1
  authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
  References: MLIST, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM

sap -- hybris
  CVE-2016-6857 | Published 2016-12-31 | CVSS 3.5
  Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field.
  References: BID, MISC

sap -- hybris
  CVE-2016-6858 | Published 2016-12-31 | CVSS 3.5
  Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field.
  References: BID, MISC

tenable -- nessus
  CVE-2017-5179 | Published 2017-01-05 | CVSS 3.5
  Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
  References: CONFIRM

woocommerce -- woocommerce
  CVE-2016-10112 | Published 2017-01-03 | CVSS 3.5
  Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.
  References: BID, CONFIRM

• Sources: http://nvd.nist.gov (for more information, visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published).

Uganda Communications Commission – UGCERT
Email: [email protected]
Tel: +256 414 302 100/150
Toll Free: 0800 133 911
Website: www.ug-cert.ug
Facebook / Twitter: UGCERT