Latest CVE Feed
-
5.4
MEDIUMCVE-2021-24958
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any ... Read more
Affected Products : meks_easy_photo_feed_widget- EPSS Score: %0.22
- Published: Mar. 14, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-44760
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions.... Read more
Affected Products : wp-downloadmanager- EPSS Score: %0.17
- Published: Mar. 18, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-0364
The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more
Affected Products : modern_events_calendar_lite- EPSS Score: %1.60
- Published: Mar. 21, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-11181
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable.... Read more
Affected Products : rise_ultimate_project_manager- EPSS Score: %0.18
- Published: Jul. 12, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-11182
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable.... Read more
Affected Products : rise_ultimate_project_manager- EPSS Score: %0.67
- Published: Jul. 12, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2016-8950
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more
Affected Products : emptoris_sourcing- EPSS Score: %0.24
- Published: Jul. 12, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2016-8953
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof ... Read more
Affected Products : emptoris_sourcing- EPSS Score: %0.12
- Published: Jul. 12, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-11201
application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action.... Read more
Affected Products : finecms- EPSS Score: %0.16
- Published: Jul. 13, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2021-39491
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .... Read more
Affected Products : rengine- EPSS Score: %0.18
- Published: Mar. 24, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2016-6019
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin... Read more
Affected Products : emptoris_strategic_supply_management- EPSS Score: %0.27
- Published: Jul. 13, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2022-25582
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.... Read more
Affected Products : classcms- EPSS Score: %0.20
- Published: Mar. 25, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-1074
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection.... Read more
- EPSS Score: %0.20
- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-1086
A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to t... Read more
Affected Products : dolphinphp- EPSS Score: %0.27
- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-11439
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.... Read more
Affected Products : cms- EPSS Score: %0.20
- Published: Jul. 19, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2016-7509
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.... Read more
Affected Products : glpi- EPSS Score: %0.15
- Published: Jul. 19, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2021-33616
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.... Read more
Affected Products : archer- EPSS Score: %0.51
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-25113
The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead ... Read more
Affected Products : dropdown_menu_widget- EPSS Score: %0.17
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36851
Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_but... Read more
Affected Products : testimonial_slider- EPSS Score: %0.16
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-3137
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.... Read more
Affected Products : xwiki- EPSS Score: %0.15
- Published: Jan. 20, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-28649
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description... Read more
Affected Products : youtrack- EPSS Score: %0.00
- Published: Apr. 05, 2022
- Modified: Nov. 21, 2024