Latest CVE Feed
-
5.4
MEDIUMCVE-2022-29443
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress.... Read more
Affected Products : hotel_booking- EPSS Score: %0.17
- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-28612
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.... Read more
Affected Products : custom_popup_builder- EPSS Score: %0.14
- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2015-8756
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : typo3- EPSS Score: %0.19
- Published: Jan. 08, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2015-8758
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.... Read more
Affected Products : typo3- EPSS Score: %0.22
- Published: Jan. 08, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2017-20054
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exp... Read more
Affected Products : contact_form_manager- EPSS Score: %0.22
- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-20056
A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exp... Read more
Affected Products : user_login_log- EPSS Score: %0.26
- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-31300
A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.... Read more
Affected Products : haraj- EPSS Score: %7.52
- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-41420
A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel.... Read more
Affected Products : maianaffiliate- EPSS Score: %1.94
- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-20060
A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the at... Read more
Affected Products : elefant_cms- EPSS Score: %0.20
- Published: Jun. 20, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-30874
There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.... Read more
Affected Products : nukeviet- EPSS Score: %0.24
- Published: Jun. 21, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-20085
A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.... Read more
Affected Products : atahualpa- EPSS Score: %0.20
- Published: Jun. 23, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2016-1136
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more
- EPSS Score: %0.22
- Published: Jan. 30, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2022-25238
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to tru... Read more
Affected Products : framework- EPSS Score: %0.34
- Published: Jun. 28, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-20114
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Ref... Read more
Affected Products : server- EPSS Score: %0.27
- Published: Jun. 29, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2015-7398
Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users t... Read more
Affected Products : emptoris_contract_management- EPSS Score: %0.17
- Published: Feb. 15, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2022-2316
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.... Read more
Affected Products : devolutions_server- EPSS Score: %0.50
- Published: Jul. 06, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-2365
Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.53.3.... Read more
Affected Products : trilium- EPSS Score: %0.20
- Published: Jul. 10, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-34167
IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi... Read more
- EPSS Score: %0.28
- Published: Jul. 08, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-1626
The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lac... Read more
Affected Products : sharebar- EPSS Score: %0.08
- Published: Jul. 11, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-2364
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input "><scrip... Read more
Affected Products : simple_parking_management_system- EPSS Score: %0.20
- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024