Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2009-1070

    Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.... Read more

    Affected Products : expressionengine
    • Published: Mar. 26, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2006-4220

    Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) a... Read more

    Affected Products : groupwise groupwise_webaccess
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2009-1418

    Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : system_management_homepage
    • Published: May. 19, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2009-3745

    Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.... Read more

    Affected Products : rational_appscan
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2008-5770

    Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more

    Affected Products : phpweather
    • Published: Dec. 30, 2008
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2008-5697

    The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.... Read more

    Affected Products : firefox skype_extension_for_firefox
    • Published: Dec. 22, 2008
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2009-3755

    Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledef... Read more

    Affected Products : phpbms
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2009-3030

    Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to... Read more

    • Published: Oct. 15, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2020-12404

    For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.... Read more

    Affected Products : firefox
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2008-7089

    Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.... Read more

    Affected Products : pligg_cms
    • Published: Aug. 26, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2008-7036

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) dir... Read more

    Affected Products : bcoos e-xoops devtracker
    • Published: Aug. 24, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2013-0197

    Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.... Read more

    Affected Products : mantisbt
    • Published: May. 15, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2009-2987

    Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors.... Read more

    Affected Products : acrobat acrobat_reader
    • Published: Oct. 19, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2006-3089

    Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) prefixe_dossier parameter in (a) /inc/header.php; (2) msg parameter in (b) /r... Read more

    Affected Products : phpmyfactures
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2014-3262

    The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) v... Read more

    Affected Products : ios_xe ios
    • Published: May. 16, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2008-5823

    An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startu... Read more

    Affected Products : windows_vista money
    • Published: Jan. 02, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2009-3008

    K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacke... Read more

    Affected Products : k-meleon
    • Published: Aug. 28, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2009-3060

    Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_us... Read more

    Affected Products : jboard
    • Published: Sep. 03, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2009-3005

    Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers ... Read more

    Affected Products : lunascape
    • Published: Aug. 28, 2009
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2008-7039

    Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information... Read more

    Affected Products : gelatocms
    • Published: Aug. 24, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293947 Results