Latest CVE Feed
-
4.3
MEDIUMCVE-2022-39402
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where My... Read more
- Published: Oct. 18, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2007-6461
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; an... Read more
Affected Products : flyspray- Published: Dec. 20, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2008-6879
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.... Read more
Affected Products : roller- Published: Jul. 30, 2009
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2007-6526
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.... Read more
Affected Products : tikiwiki_cms\/groupware- Published: Dec. 27, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2023-21959
Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to... Read more
Affected Products : ireceivables- Published: Apr. 18, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-41951
Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.... Read more
Affected Products : rtmedia- Published: Dec. 13, 2024
- Modified: Dec. 13, 2024
-
4.3
MEDIUMCVE-2002-1678
Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.... Read more
Affected Products : vbulletin- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2002-1805
Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.... Read more
Affected Products : dacode- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2009-5011
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having... Read more
Affected Products : pyftpdlib- Published: Oct. 19, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2007-5547
Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-adviso... Read more
Affected Products : ios- Published: Oct. 18, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2007-5854
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.... Read more
Affected Products : mac_os_x- Published: Dec. 19, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2005-4501
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Exp... Read more
Affected Products : mediawiki- Published: Dec. 22, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2007-5625
Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.... Read more
Affected Products : asp_site_search_searchsimon_lite- Published: Oct. 23, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2009-4775
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.... Read more
Affected Products : ws_ftp- Published: Apr. 21, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2002-1845
Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter.... Read more
Affected Products : yabb- Published: Dec. 31, 2002
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2010-0714
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 throug... Read more
- Published: Feb. 26, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2009-4612
Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ER... Read more
Affected Products : jetty- Published: Jan. 13, 2010
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2008-4029
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs... Read more
Affected Products : windows_server_2008 internet_explorer windows_2000 windows_server_2003 windows_vista windows_xp- Published: Nov. 12, 2008
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2023-22004
Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with netw... Read more
- Published: Jul. 18, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2007-5944
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be t... Read more
Affected Products : websphere_application_server- Published: Nov. 14, 2007
- Modified: Apr. 09, 2025