Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-29443

    Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress.... Read more

    Affected Products : hotel_booking
    • EPSS Score: %0.17
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-28612

    Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.... Read more

    Affected Products : custom_popup_builder
    • EPSS Score: %0.14
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-8756

    Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3
    • EPSS Score: %0.19
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2015-8758

    Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : typo3
    • EPSS Score: %0.22
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2017-20054

    A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exp... Read more

    Affected Products : contact_form_manager
    • EPSS Score: %0.22
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-20056

    A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exp... Read more

    Affected Products : user_login_log
    • EPSS Score: %0.26
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-31300

    A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.... Read more

    Affected Products : haraj
    • EPSS Score: %7.52
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-41420

    A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel.... Read more

    Affected Products : maianaffiliate
    • EPSS Score: %1.94
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-20060

    A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the at... Read more

    Affected Products : elefant_cms
    • EPSS Score: %0.20
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-30874

    There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.... Read more

    Affected Products : nukeviet
    • EPSS Score: %0.24
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-20085

    A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.... Read more

    Affected Products : atahualpa
    • EPSS Score: %0.20
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-1136

    Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %0.22
    • Published: Jan. 30, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2022-25238

    Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to tru... Read more

    Affected Products : framework
    • EPSS Score: %0.34
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-20114

    A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Ref... Read more

    Affected Products : server
    • EPSS Score: %0.27
    • Published: Jun. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2015-7398

    Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users t... Read more

    Affected Products : emptoris_contract_management
    • EPSS Score: %0.17
    • Published: Feb. 15, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2022-2316

    HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.... Read more

    Affected Products : devolutions_server
    • EPSS Score: %0.50
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-2365

    Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.53.3.... Read more

    Affected Products : trilium
    • EPSS Score: %0.20
    • Published: Jul. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-34167

    IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi... Read more

    Affected Products : linux_kernel cics_tx
    • EPSS Score: %0.28
    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1626

    The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lac... Read more

    Affected Products : sharebar
    • EPSS Score: %0.08
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-2364

    A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input "><scrip... Read more

    Affected Products : simple_parking_management_system
    • EPSS Score: %0.20
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291024 Results