Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-39390

    Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.... Read more

    Affected Products : partkeepr
    • EPSS Score: %0.23
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-27330

    A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.... Read more

    Affected Products : e-commerce_website
    • EPSS Score: %0.20
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-6121

    IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential... Read more

    • EPSS Score: %0.27
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-8949

    IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulne... Read more

    • EPSS Score: %0.12
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1448

    IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulne... Read more

    • EPSS Score: %0.12
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-28545

    FUDforum 3.1.1 is vulnerable to Stored XSS.... Read more

    Affected Products : fudforum
    • EPSS Score: %0.20
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-9556

    Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.... Read more

    Affected Products : video_station
    • EPSS Score: %0.19
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2015-3615

    Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation atta... Read more

    • EPSS Score: %0.18
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-9655

    A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious scr... Read more

    • EPSS Score: %0.32
    • Published: Aug. 14, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-1393

    The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is n... Read more

    Affected Products : wp_subtitle
    • EPSS Score: %0.22
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-12882

    Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.... Read more

    Affected Products : spring_batch_admin
    • EPSS Score: %0.16
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-41946

    In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control --> Access Time Restriction --> Username field, a user cannot delete the rule due to the XSS.... Read more

    Affected Products : hg150-ub_firmware hg150-ub
    • EPSS Score: %1.76
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-43729

    Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter.... Read more

    Affected Products : lv-wr09_firmware lv-wr09
    • EPSS Score: %0.37
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-42656

    SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.... Read more

    Affected Products : siteserver_cms sscms
    • EPSS Score: %0.25
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-30462

    Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname.... Read more

    Affected Products : water_billing_system
    • EPSS Score: %0.20
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-30842

    Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname.... Read more

    • EPSS Score: %0.27
    • Published: May. 24, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-3976

    Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.... Read more

    • EPSS Score: %0.16
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-9732

    IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d... Read more

    Affected Products : curam_social_program_management
    • EPSS Score: %0.20
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-2973

    IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... Read more

    Affected Products : sametime
    • EPSS Score: %0.27
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-2979

    IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... Read more

    Affected Products : sametime
    • EPSS Score: %0.27
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291024 Results