Latest CVE Feed
-
5.4
MEDIUMCVE-2020-4786
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading ... Read more
Affected Products : qradar_security_information_and_event_manager- Published: Jan. 27, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.... Read more
Affected Products : framework- Published: Nov. 23, 2022
- Modified: Apr. 25, 2025
-
5.4
MEDIUMCVE-2022-33177
Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations Update.... Read more
Affected Products : booking_calendar- Published: Sep. 06, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36785
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.... Read more
Affected Products : saml- Published: Aug. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-44826
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.... Read more
Affected Products : zentao- Published: Oct. 10, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4855
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management engineering_insights engineering_lifecycle_management +6 more products- Published: Jan. 27, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2019-14946
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.... Read more
Affected Products : ultimate_member- Published: Aug. 12, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-50100
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.... Read more
Affected Products : jfinalcms- Published: Dec. 14, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2023-5867
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.... Read more
Affected Products : phpmyfaq- Published: Oct. 31, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2019-0023
A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on ad... Read more
- Published: Jan. 15, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-37453
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).... Read more
Affected Products : axon_pbx- Published: Jul. 25, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-37458
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).... Read more
Affected Products : axon_pbx- Published: Jul. 25, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-37936
It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search te... Read more
Affected Products : kibana- Published: Nov. 18, 2022
- Modified: Apr. 29, 2025
-
5.4
MEDIUMCVE-2022-29530
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.... Read more
Affected Products : misp- Published: Apr. 20, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-29584
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.... Read more
Affected Products : mahara- Published: Apr. 28, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-12554
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthentica... Read more
Affected Products :- Published: Dec. 18, 2024
- Modified: Dec. 18, 2024
-
5.4
MEDIUMCVE-2023-45879
GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.... Read more
Affected Products : gibbon- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-22402
Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed t... Read more
- Published: Jan. 18, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2022-24566
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).... Read more
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-32144
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.... Read more
Affected Products : welcart_e-commerce- Published: Jun. 11, 2024
- Modified: Nov. 21, 2024