Latest CVE Feed
-
5.4
MEDIUMCVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This co... Read more
Affected Products : aiosmtpd- Published: May. 18, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-0893
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from... Read more
- Published: Mar. 12, 2020
- Modified: Feb. 28, 2025
-
5.4
MEDIUMCVE-2015-20019
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues... Read more
Affected Products : content_text_slider_on_post- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4977
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2018-14605
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.... Read more
Affected Products : gitlab- Published: Jul. 27, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-33803
A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.... Read more
Affected Products : complete_web-based_school_management_system- Published: May. 28, 2024
- Modified: Mar. 25, 2025
-
5.4
MEDIUMCVE-2020-4866
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more
Affected Products : rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-33641
Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3. ... Read more
Affected Products :- Published: Apr. 29, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4792
IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For... Read more
Affected Products : edge_application_manager- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4892
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more
Affected Products : emptoris_contract_management- Published: Jan. 07, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4825
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi... Read more
Affected Products : api_connect- Published: Feb. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-33592
Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. ... Read more
Affected Products : radio_player- Published: Apr. 25, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-33533
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation ... Read more
Affected Products : collaboration- Published: Aug. 12, 2024
- Modified: Mar. 13, 2025
-
5.4
MEDIUMCVE-2020-4733
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management doors_next engineering_insights +5 more products- Published: Jan. 08, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4785
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vuln... Read more
Affected Products : app_connect_enterprise_certified_container- Published: Nov. 03, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4707
IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ... Read more
Affected Products : api_connect- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2015-1349
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) b... Read more
Affected Products : bind- Published: Feb. 19, 2015
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2015-1394
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard... Read more
Affected Products : photo_gallery- Published: Feb. 08, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4697
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management doors_next engineering_insights +5 more products- Published: Jan. 08, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4681
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess... Read more
Affected Products : security_guardium- Published: Oct. 12, 2020
- Modified: Nov. 21, 2024