Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-39427

    Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.

    Affected Products : 188jianzhan
    • EPSS Score: 0.16%
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025
  • 5.4

    MEDIUM
    CVE-2018-14497

    Tenda D152 ADSL routers allow XSS via a crafted SSID.

    Affected Products : d152_firmware d152
    • EPSS Score: 0.19%
    • Published: Aug. 04, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-14962

    zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.

    Affected Products : zzcms
    • EPSS Score: 0.21%
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-4392

    A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.

    Affected Products : business_service_management
    • EPSS Score: 0.31%
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-38653

    In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.

    Affected Products : digital_experience
    • EPSS Score: 0.19%
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-3877

    A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected is an unknown function of the component URL Field Handler. The manipulation leads to cross site scripting. ...

    Affected Products : passwordstate
    • EPSS Score: 0.18%
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-3987

    The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting ...

    Affected Products : responsive_lightbox2
    • EPSS Score: 0.11%
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025
  • 5.4

    MEDIUM
    CVE-2022-31683

    Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other t...

    Affected Products : concourse
    • EPSS Score: 0.05%
    • Published: Dec. 19, 2022
    • Modified: Apr. 16, 2025
  • 5.4

    MEDIUM
    CVE-2018-15199

    AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action.

    Affected Products : auracms
    • EPSS Score: 0.29%
    • Published: Aug. 08, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-3781

    A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by a...

    Affected Products : talk
    • EPSS Score: 0.39%
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-29836

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c...

    Affected Products : sterling_b2b_integrator
    • EPSS Score: 0.22%
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-0367

    A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affecte...

    Affected Products : registered_envelope_service
    • EPSS Score: 0.22%
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-1000218

    OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script o...

    Affected Products : openemr
    • EPSS Score: 0.02%
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-1000219

    OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script o...

    Affected Products : openemr
    • EPSS Score: 0.06%
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-36635

    A vulnerability was found in OpenMRS Appointment Scheduling Module up to 1.12.x. It has been classified as problematic. This affects the function validateFieldName of the file api/src/main/java/org/openmrs/module/appointmentscheduling/validator/Appointmen...

    Affected Products : appointment_scheduling_module
    • EPSS Score: 0.07%
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-14059

    Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.

    Affected Products : pimcore
    • EPSS Score: 0.01%
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-42704

    A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.

    Affected Products : servicenow
    • EPSS Score: 0.19%
    • Published: Jan. 13, 2023
    • Modified: Apr. 09, 2025
  • 5.4

    MEDIUM
    CVE-2022-48091

    Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.

    Affected Products : hotel_management_system
    • EPSS Score: 0.09%
    • Published: Jan. 13, 2023
    • Modified: Apr. 07, 2025
  • 5.4

    MEDIUM
    CVE-2022-4477

    The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Si...

    Affected Products : smash_balloon_social_post_feed
    • EPSS Score: 0.11%
    • Published: Jan. 16, 2023
    • Modified: Apr. 04, 2025
  • 5.4

    MEDIUM
    CVE-2022-4480

    The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

    Affected Products : click_to_chat
    • EPSS Score: 0.15%
    • Published: Jan. 16, 2023
    • Modified: Apr. 04, 2025
Showing 20 of 290974 Results