Latest CVE Feed
-
5.4
MEDIUMCVE-2021-39390
Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.... Read more
Affected Products : partkeepr- EPSS Score: %0.23
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-27330
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.... Read more
Affected Products : e-commerce_website- EPSS Score: %0.20
- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2016-6121
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential... Read more
- EPSS Score: %0.27
- Published: Aug. 09, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2016-8949
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulne... Read more
- EPSS Score: %0.12
- Published: Aug. 09, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1448
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulne... Read more
- EPSS Score: %0.12
- Published: Aug. 09, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2022-28545
FUDforum 3.1.1 is vulnerable to Stored XSS.... Read more
Affected Products : fudforum- EPSS Score: %0.20
- Published: May. 06, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-9556
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.... Read more
Affected Products : video_station- EPSS Score: %0.19
- Published: Aug. 11, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2015-3615
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation atta... Read more
- EPSS Score: %0.18
- Published: Aug. 11, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-9655
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious scr... Read more
- EPSS Score: %0.32
- Published: Aug. 14, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2022-1393
The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is n... Read more
Affected Products : wp_subtitle- EPSS Score: %0.22
- Published: May. 16, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-12882
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.... Read more
Affected Products : spring_batch_admin- EPSS Score: %0.16
- Published: Aug. 18, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2021-41946
In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control --> Access Time Restriction --> Username field, a user cannot delete the rule due to the XSS.... Read more
- EPSS Score: %1.76
- Published: May. 18, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-43729
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter.... Read more
- EPSS Score: %0.37
- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-42656
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.... Read more
- EPSS Score: %0.25
- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-30462
Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname.... Read more
Affected Products : water_billing_system- EPSS Score: %0.20
- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-30842
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname.... Read more
Affected Products : covid_19_travel_pass_management_system- EPSS Score: %0.27
- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2015-3976
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.... Read more
- EPSS Score: %0.16
- Published: Aug. 28, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2016-9732
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d... Read more
Affected Products : curam_social_program_management- EPSS Score: %0.20
- Published: Aug. 29, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2016-2973
IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... Read more
Affected Products : sametime- EPSS Score: %0.27
- Published: Aug. 29, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2016-2979
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... Read more
Affected Products : sametime- EPSS Score: %0.27
- Published: Aug. 29, 2017
- Modified: Apr. 20, 2025