Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-26976

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS....

    Affected Products : control_room_management_suite
    • EPSS Score: 0.32%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-29734

    A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter....

    Affected Products : protege_gx protege_wx
    • EPSS Score: 0.58%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1445

    IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

    Affected Products : emptoris_spend_analysis
    • EPSS Score: 0.27%
    • Published: Aug. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1446

    IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

    Affected Products : emptoris_spend_analysis
    • EPSS Score: 0.27%
    • Published: Aug. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-2967

    IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a tr...

    Affected Products : sametime
    • EPSS Score: 0.27%
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1447

    IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus...

    Affected Products : emptoris_sourcing
    • EPSS Score: 0.20%
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1535

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

    Affected Products : cognos_analytics
    • EPSS Score: 0.27%
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2020-36525

    A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disc...

    Affected Products : linking
    • EPSS Score: 0.20%
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-36527

    A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotel...

    Affected Products : server_status
    • EPSS Score: 0.20%
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-40610

    Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management....

    Affected Products : emlog_pro
    • EPSS Score: 0.18%
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1098

    IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...

    • EPSS Score: 0.20%
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2015-7672

    Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27)....

    Affected Products : centreon
    • EPSS Score: 0.03%
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-20035

    A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack...

    Affected Products : phplist
    • EPSS Score: 0.20%
    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-11611

    Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to...

    Affected Products : wolf_cms
    • EPSS Score: 1.34%
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-20044

    A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to ve...

    Affected Products : pricepoint
    • EPSS Score: 0.27%
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-41502

    An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute....

    Affected Products : subrion subrion_cms
    • EPSS Score: 0.20%
    • Published: Jun. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1781

    The postTabs WordPress plugin through 2.10.6 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which also leads to Stored Cross-Site Scripting due to the lack ...

    Affected Products : posttabs
    • EPSS Score: 0.08%
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1787

    The Sideblog WordPress plugin through 6.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisa...

    Affected Products : sideblog
    • EPSS Score: 0.08%
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-30611

    IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to in...

    • EPSS Score: 0.10%
    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-31049

    TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients use...

    Affected Products : typo3
    • EPSS Score: 0.63%
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291024 Results