Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-15284

    Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the cont... Read more

    Affected Products : october
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15219

    The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.... Read more

    Affected Products : dotcms
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-20943

    Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network ac... Read more

    Affected Products : knowledge_management
    • Published: Feb. 17, 2024
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2017-15051

    Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the ... Read more

    Affected Products : teampass
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14981

    Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in t... Read more

    Affected Products : atutor
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-6134

    A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further att... Read more

    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-51464

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48582

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48574

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48558

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48527

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48500

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48491

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48467

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-48442

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-14714

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.... Read more

    Affected Products : epesi
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14712

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.... Read more

    Affected Products : epesi
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14725

    Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.... Read more

    Affected Products : wordpress
    • Published: Sep. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14621

    Portus 2.2.0 has XSS via the Team field, related to typeahead.... Read more

    Affected Products : portus
    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-45227

    An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. ... Read more

    Affected Products : l206-f2g_firmware l206-f2g
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294299 Results