Latest CVE Feed
-
5.4
MEDIUMCVE-2022-26976
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.... Read more
Affected Products : control_room_management_suite- EPSS Score: %0.32
- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-29734
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.... Read more
- EPSS Score: %0.58
- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-1445
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu... Read more
Affected Products : emptoris_spend_analysis- EPSS Score: %0.27
- Published: Aug. 30, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1446
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu... Read more
Affected Products : emptoris_spend_analysis- EPSS Score: %0.27
- Published: Aug. 30, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2016-2967
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a tr... Read more
Affected Products : sametime- EPSS Score: %0.27
- Published: Aug. 29, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1447
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : emptoris_sourcing- EPSS Score: %0.20
- Published: Aug. 31, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-1535
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more
Affected Products : cognos_analytics- EPSS Score: %0.27
- Published: Aug. 29, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2020-36525
A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disc... Read more
Affected Products : linking- EPSS Score: %0.20
- Published: Jun. 07, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-36527
A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotel... Read more
Affected Products : server_status- EPSS Score: %0.20
- Published: Jun. 07, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-40610
Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management.... Read more
Affected Products : emlog_pro- EPSS Score: %0.18
- Published: Jun. 09, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-1098
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more
Affected Products : emptoris_supplier_lifecycle_management- EPSS Score: %0.20
- Published: Sep. 07, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2015-7672
Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27).... Read more
Affected Products : centreon- EPSS Score: %0.03
- Published: Sep. 07, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-20035
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack... Read more
Affected Products : phplist- EPSS Score: %0.20
- Published: Jun. 10, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-11611
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to... Read more
Affected Products : wolf_cms- EPSS Score: %1.34
- Published: Sep. 08, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-20044
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to ve... Read more
Affected Products : pricepoint- EPSS Score: %0.27
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-41502
An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.... Read more
- EPSS Score: %0.20
- Published: Jun. 11, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-1781
The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack ... Read more
Affected Products : posttabs- EPSS Score: %0.08
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-1787
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisa... Read more
Affected Products : sideblog- EPSS Score: %0.08
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-30611
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to in... Read more
- EPSS Score: %0.10
- Published: Jun. 10, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-31049
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients use... Read more
Affected Products : typo3- EPSS Score: %0.63
- Published: Jun. 14, 2022
- Modified: Nov. 21, 2024