Latest CVE Feed
-
4.3
MEDIUMCVE-2006-5447
Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more
Affected Products : dev_web_management_system- Published: Oct. 23, 2006
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2007-6141
Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more
Affected Products : vbtube- Published: Nov. 27, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2022-2303
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the ... Read more
Affected Products : gitlab- Published: Aug. 05, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-3288
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.... Read more
Affected Products : gitlab- Published: Oct. 17, 2022
- Modified: May. 13, 2025
-
4.3
MEDIUMCVE-2018-5172
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2006-5535
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to script... Read more
Affected Products : cpanel- Published: Oct. 26, 2006
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2006-5860
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more
- Published: Feb. 14, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2013-6674
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message contain... Read more
- Published: Feb. 17, 2014
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2022-1627
The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more
Affected Products : my_private_site- Published: Jun. 27, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2006-4915
Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.... Read more
Affected Products : innovate_portal- Published: Sep. 21, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2006-4838
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name... Read more
Affected Products : dcp-portal- Published: Sep. 15, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2006-4949
Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script ... Read more
Affected Products : site_profile_directory_module- Published: Sep. 23, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2023-3585
Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. ... Read more
- Published: Jul. 17, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2006-4894
Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.... Read more
Affected Products : nixieaffiliate- Published: Sep. 19, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2006-5963
Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename.... Read more
- Published: Jan. 19, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2020-2307
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.... Read more
Affected Products : kubernetes- Published: Nov. 04, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2006-4796
Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).... Read more
Affected Products : snitz_forums_2000- Published: Sep. 14, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2024-56215
Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through 1.7.0.... Read more
Affected Products :- Published: Dec. 31, 2024
- Modified: Dec. 31, 2024
-
4.3
MEDIUMCVE-2023-3735
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Aug. 01, 2023
- Modified: Jul. 09, 2025
-
4.3
MEDIUMCVE-2007-0371
A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value.... Read more
Affected Products : browsedialog_server- Published: Jan. 19, 2007
- Modified: Apr. 09, 2025