Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2013-0286

    Pinboard 1.0.6 theme for WordPress has XSS....

    Affected Products : pinboard
    • EPSS Score: 0.08%
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-2249

    Zimbra Collaboration before 8.6.0 patch5 has XSS....

    Affected Products : zimbra_collaboration_server
    • EPSS Score: 0.70%
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-17651

    An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS)...

    Affected Products : fortisiem
    • EPSS Score: 0.20%
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2012-5776

    Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php....

    Affected Products : dokeos
    • EPSS Score: 0.19%
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2013-0161

    Havalite CMS 1.1.7 has a stored XSS vulnerability...

    Affected Products : havalite
    • EPSS Score: 0.30%
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8498

    XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privi...

    Affected Products : gistpress
    • EPSS Score: 0.47%
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-4451

    IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tru...

    Affected Products : security_identity_manager
    • EPSS Score: 0.24%
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-15253

    A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interfa...

    Affected Products : dna_center catalyst_center
    • EPSS Score: 0.16%
    • Published: Feb. 05, 2020
    • Modified: Jul. 23, 2025
  • 5.4

    MEDIUM
    CVE-2013-3635

    ProjectPier 0.8.8 has stored XSS...

    Affected Products : projectpier
    • EPSS Score: 0.18%
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2013-3636

    ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag...

    Affected Products : projectpier
    • EPSS Score: 0.24%
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2013-3067

    Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS....

    Affected Products : wrt310n_firmware wrt310n
    • EPSS Score: 0.26%
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8812

    Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug....

    Affected Products : bludit
    • EPSS Score: 0.26%
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-2207

    Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (...

    Affected Products : resource_management_system
    • EPSS Score: 0.15%
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2013-1353

    Orange HRM 2.7.1 allows XSS via the vacancy name....

    Affected Products : orangehrm
    • EPSS Score: 0.18%
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2012-6449

    The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have an XSS vulnerability....

    Affected Products : cpanel whm
    • EPSS Score: 0.18%
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-2112

    Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission....

    Affected Products : git_parameter
    • EPSS Score: 0.12%
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-2122

    Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data....

    Affected Products : brakeman
    • EPSS Score: 0.10%
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2019-18791

    Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser....

    • EPSS Score: 0.30%
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2012-1500

    Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code....

    Affected Products : jira greenhopper
    • EPSS Score: 0.22%
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2012-1903

    XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter....

    Affected Products : community
    • EPSS Score: 0.21%
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291558 Results