Latest CVE Feed
-
5.4
MEDIUMCVE-2015-20019
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues... Read more
Affected Products : content_text_slider_on_post- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4977
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager collaborative_lifecycle_management engineering_lifecycle_management engineering_test_management engineering_lifecycle_optimization engineering_lifecycle_optimization_-_engineering_insights engineering_lifecycle_optimization_-_publishing +1 more products- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2018-14605
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.... Read more
Affected Products : gitlab- Published: Jul. 27, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-33803
A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.... Read more
Affected Products : complete_web-based_school_management_system- Published: May. 28, 2024
- Modified: Mar. 25, 2025
-
5.4
MEDIUMCVE-2020-4866
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more
Affected Products : rational_doors_next_generation rational_quality_manager rational_team_concert engineering_requirements_quality_assistant_on-premises doors_next engineering_lifecycle_management engineering_test_management engineering_workflow_management engineering_lifecycle_optimization global_configuration_management- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-33641
Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3. ... Read more
Affected Products :- Published: Apr. 29, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4792
IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For... Read more
Affected Products : edge_application_manager- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4892
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more
Affected Products : emptoris_contract_management- Published: Jan. 07, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4825
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi... Read more
Affected Products : api_connect- Published: Feb. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-33592
Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. ... Read more
Affected Products : radio_player- Published: Apr. 25, 2024
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-33533
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation ... Read more
Affected Products : collaboration- Published: Aug. 12, 2024
- Modified: Mar. 13, 2025
-
5.4
MEDIUMCVE-2020-4733
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management doors_next engineering_insights +5 more products- Published: Jan. 08, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4785
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vuln... Read more
Affected Products : app_connect_enterprise_certified_container- Published: Nov. 03, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4707
IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ... Read more
Affected Products : api_connect- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2015-1349
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) b... Read more
Affected Products : bind- Published: Feb. 19, 2015
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2015-1394
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard... Read more
Affected Products : photo_gallery- Published: Feb. 08, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4697
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s... Read more
Affected Products : rational_doors_next_generation rational_collaborative_lifecycle_management rational_engineering_lifecycle_manager rational_quality_manager rational_rhapsody_design_manager rational_team_concert rhapsody_model_manager collaborative_lifecycle_management doors_next engineering_insights +5 more products- Published: Jan. 08, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-4681
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess... Read more
Affected Products : security_guardium- Published: Oct. 12, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-30119
Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDe... Read more
Affected Products : vsa- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2024-32835
Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. ... Read more
Affected Products : import_export_wordpress_users- Published: Apr. 24, 2024
- Modified: Nov. 21, 2024