Latest CVE Feed
-
5.4
MEDIUMCVE-2023-22425
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.... Read more
Affected Products : shirasagi- EPSS Score: %0.32
- Published: Feb. 24, 2023
- Modified: Mar. 12, 2025
-
5.4
MEDIUMCVE-2023-42817
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by ... Read more
Affected Products : admin_classic_bundle- EPSS Score: %0.00
- Published: Sep. 25, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-0695
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-le... Read more
Affected Products : metform_elementor_contact_form_builder- EPSS Score: %0.08
- Published: Jun. 09, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-43458
Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function.... Read more
- EPSS Score: %0.34
- Published: Sep. 25, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-26669
A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.... Read more
Affected Products : bigtree_cms- EPSS Score: %0.21
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-15036
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.... Read more
Affected Products : nedi- EPSS Score: %0.21
- Published: Jul. 07, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-43707
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name] " parameter, potentially leading to unauthorized execution of scripts wi... Read more
Affected Products : oscommerce- EPSS Score: %0.10
- Published: Sep. 30, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-20132
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabili... Read more
Affected Products : webex_meetings- EPSS Score: %0.13
- Published: Apr. 05, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2014-5925
The 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application 0.312 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information v... Read more
Affected Products : 10000_kindle_books_downloads- EPSS Score: %0.04
- Published: Sep. 18, 2014
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2014-5929
The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more
Affected Products : emartmall- EPSS Score: %0.04
- Published: Sep. 18, 2014
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2023-43992
An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more
Affected Products : line- EPSS Score: %0.08
- Published: Jan. 24, 2024
- Modified: Jun. 20, 2025
-
5.4
MEDIUMCVE-2023-2415
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This ... Read more
- EPSS Score: %0.03
- Published: Jun. 03, 2023
- Modified: Jun. 10, 2025
-
5.4
MEDIUMCVE-2021-43436
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.... Read more
Affected Products : iresturant- EPSS Score: %0.21
- Published: Jan. 12, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-22050
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker ... Read more
Affected Products : jd_edwards_enterpriseone_orchestrator- EPSS Score: %0.18
- Published: Jul. 18, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-8005
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Ident... Read more
- EPSS Score: %0.19
- Published: Jul. 17, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2023-46613
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions.... Read more
Affected Products : add_to_calendar_button- EPSS Score: %0.22
- Published: Nov. 08, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-4690
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauth... Read more
- EPSS Score: %0.05
- Published: Nov. 15, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do ... Read more
Affected Products : mediawiki- EPSS Score: %0.43
- Published: Jan. 20, 2023
- Modified: Apr. 03, 2025
-
5.4
MEDIUMCVE-2023-47177
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin <= 1.2.1 versions.... Read more
Affected Products : linker- EPSS Score: %0.11
- Published: Nov. 06, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-23954
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.... Read more
- EPSS Score: %0.33
- Published: Jun. 01, 2023
- Modified: Jan. 09, 2025