Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-24958

    The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any ... Read more

    Affected Products : meks_easy_photo_feed_widget
    • EPSS Score: %0.22
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-44760

    Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions.... Read more

    Affected Products : wp-downloadmanager
    • EPSS Score: %0.17
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-0364

    The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : modern_events_calendar_lite
    • EPSS Score: %1.60
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-11181

    In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable.... Read more

    Affected Products : rise_ultimate_project_manager
    • EPSS Score: %0.18
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-11182

    In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable.... Read more

    Affected Products : rise_ultimate_project_manager
    • EPSS Score: %0.67
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-8950

    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more

    Affected Products : emptoris_sourcing
    • EPSS Score: %0.24
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-8953

    IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof ... Read more

    Affected Products : emptoris_sourcing
    • EPSS Score: %0.12
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-11201

    application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action.... Read more

    Affected Products : finecms
    • EPSS Score: %0.16
    • Published: Jul. 13, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-39491

    A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .... Read more

    Affected Products : rengine
    • EPSS Score: %0.18
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-6019

    IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin... Read more

    • EPSS Score: %0.27
    • Published: Jul. 13, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-25582

    A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.... Read more

    Affected Products : classcms
    • EPSS Score: %0.20
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1074

    A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection.... Read more

    Affected Products : flex-1085_firmware flex-1085
    • EPSS Score: %0.20
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1086

    A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to t... Read more

    Affected Products : dolphinphp
    • EPSS Score: %0.27
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-11439

    In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.... Read more

    Affected Products : cms
    • EPSS Score: %0.20
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-7509

    Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.... Read more

    Affected Products : glpi
    • EPSS Score: %0.15
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-33616

    RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.... Read more

    Affected Products : archer
    • EPSS Score: %0.51
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-25113

    The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead ... Read more

    Affected Products : dropdown_menu_widget
    • EPSS Score: %0.17
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-36851

    Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_but... Read more

    Affected Products : testimonial_slider
    • EPSS Score: %0.16
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-3137

    XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.... Read more

    Affected Products : xwiki
    • EPSS Score: %0.15
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-28649

    In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description... Read more

    Affected Products : youtrack
    • EPSS Score: %0.00
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291024 Results