Latest CVE Feed
-
5.4
MEDIUMCVE-2024-34471
An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file locati... Read more
Affected Products : mailinspector- Published: May. 06, 2024
- Modified: Jun. 17, 2025
-
5.4
MEDIUMCVE-2020-2111
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.... Read more
Affected Products : subversion- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-34357
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController... Read more
Affected Products : typo3- Published: May. 14, 2024
- Modified: Sep. 03, 2025
-
5.4
MEDIUMCVE-2020-2513
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via H... Read more
Affected Products : application_express- Published: Jul. 15, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2015-2324
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : photo_gallery- Published: Feb. 19, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-34356
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulne... Read more
Affected Products : typo3- Published: May. 14, 2024
- Modified: Sep. 03, 2025
-
5.4
MEDIUMCVE-2015-2249
Zimbra Collaboration before 8.6.0 patch5 has XSS.... Read more
Affected Products : zimbra_collaboration_server- Published: Jan. 27, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2015-2207
Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (... Read more
Affected Products : resource_management_system- Published: Feb. 08, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-5031
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur... Read more
- Published: Jul. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-34141
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more
- Published: Jun. 25, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-5004
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises engineering_test_management engineering_workflow_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights- Published: Jul. 28, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-34128
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more
- Published: Jul. 23, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4997
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more
Affected Products : infosphere_information_server- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This co... Read more
Affected Products : aiosmtpd- Published: May. 18, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-0893
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from... Read more
- Published: Mar. 12, 2020
- Modified: Feb. 28, 2025
-
5.4
MEDIUMCVE-2015-20019
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues... Read more
Affected Products : content_text_slider_on_post- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4977
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2018-14605
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.... Read more
Affected Products : gitlab- Published: Jul. 27, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-33803
A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.... Read more
Affected Products : complete_web-based_school_management_system- Published: May. 28, 2024
- Modified: Mar. 25, 2025
-
5.4
MEDIUMCVE-2020-4866
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more
Affected Products : rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024