Latest CVE Feed
-
5.4
MEDIUMCVE-2021-20421
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitat... Read more
- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20368
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20366
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20362
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20338
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20351
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more
Affected Products : rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20365
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20340
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more
Affected Products : rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20279
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.... Read more
- Published: Mar. 15, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20112
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could uplo... Read more
Affected Products : tcexam- Published: Jul. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20107
There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. ... Read more
- Published: Jun. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memo... Read more
Affected Products : linux_kernel- Published: Jun. 21, 2012
- Modified: Apr. 11, 2025
-
5.4
MEDIUMCVE-2016-7119
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.... Read more
Affected Products : dotnetnuke- Published: Aug. 31, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-6913
Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.... Read more
Affected Products : unified_security_management open_source_security_information_and_event_management- Published: Sep. 26, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2009-0629
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) ... Read more
- Published: Mar. 27, 2009
- Modified: Apr. 09, 2025
-
5.4
MEDIUMCVE-2009-1965
Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... Read more
- Published: Oct. 22, 2009
- Modified: Apr. 09, 2025
-
5.4
MEDIUMCVE-2016-6723
A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device h... Read more
Affected Products : android- Published: Nov. 25, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2021-1599
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input... Read more
Affected Products : unified_customer_voice_portal- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-1582
A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due t... Read more
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2016-6647
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : vipr_srm- Published: Sep. 30, 2016
- Modified: Apr. 12, 2025