Latest CVE Feed
-
4.3
MEDIUMCVE-2013-3645
Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : orchard- Published: Jun. 14, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2014-3995
Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.... Read more
Affected Products : djblets- Published: Jun. 16, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2852
Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2006-0860
Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular exp... Read more
Affected Products : guestbox- Published: Feb. 23, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2015-4465
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : zm_ajax_login_\&_register- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2018-21252
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.... Read more
Affected Products : mattermost_server- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-14779
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthen... Read more
Affected Products : fedora debian_linux leap active_iq_unified_manager hci_management_node solidfire oncommand_insight jdk jre e-series_santricity_os_controller +9 more products- Published: Oct. 21, 2020
- Modified: May. 27, 2025
-
4.3
MEDIUMCVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequen... Read more
- Published: Oct. 12, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-2962
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated att... Read more
- Published: Oct. 16, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-10963
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.... Read more
- Published: Oct. 08, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2013-1086
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.... Read more
Affected Products : groupwise- Published: Apr. 19, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2023-51523
Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through 0.3.0.7.... Read more
Affected Products :- Published: Jun. 14, 2024
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-17475
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation chrome- Published: Nov. 14, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-5103
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2023-37855
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser. ... Read more
Affected Products : wp_6070-wvps_firmware wp_6101-wxps_firmware wp_6121-wxps_firmware wp_6156-whps_firmware wp_6185-whps_firmware wp_6215-whps_firmware wp_6070-wvps wp_6101-wxps wp_6121-wxps wp_6156-whps +2 more products- Published: Aug. 09, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-17404
Nokia IMPACT < 18A: allows full path disclosure... Read more
Affected Products : impact- Published: Nov. 25, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2013-1614
Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via u... Read more
- Published: Jul. 08, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2014-3654
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomS... Read more
- Published: Nov. 03, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2020-14318
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.... Read more
- Published: Dec. 03, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2012-0313
Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed.... Read more
Affected Products : glucose_2- Published: Jan. 24, 2012
- Modified: Apr. 11, 2025