Latest CVE Feed
-
5.4
MEDIUMCVE-2015-3612
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.... Read more
Affected Products : fortimanager- Published: Feb. 04, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20681
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.... Read more
Affected Products : basercms- Published: Mar. 26, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20654
Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.... Read more
Affected Products : wekan- Published: Feb. 10, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2015-0284
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerab... Read more
- Published: Apr. 14, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2021-20553
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr... Read more
Affected Products : sterling_b2b_integrator- Published: Dec. 19, 2024
- Modified: Mar. 06, 2025
-
5.4
MEDIUMCVE-2021-20549
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se... Read more
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20528
IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess... Read more
Affected Products : control_center- Published: May. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20520
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20519
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management doors_next engineering_insights engineering_lifecycle_management +5 more products- Published: Apr. 12, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20504
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
- Published: Mar. 30, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20421
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitat... Read more
- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20368
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20366
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20362
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20338
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20351
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more
Affected Products : rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20365
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more
Affected Products : cloud_pak_for_applications- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20340
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more
Affected Products : rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20279
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.... Read more
- Published: Mar. 15, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-20112
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could uplo... Read more
Affected Products : tcexam- Published: Jul. 30, 2021
- Modified: Nov. 21, 2024