Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-7147

    Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/des... Read more

    Affected Products : intralearn
    • Published: Sep. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1190

    Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.... Read more

    Affected Products : phpmyadmin
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6351

    Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter.... Read more

    Affected Products : local_classifieds
    • Published: Mar. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4065

    Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters t... Read more

    • Published: Sep. 24, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-2748

    viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.... Read more

    Affected Products : reporting_center
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-6336

    Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter.... Read more

    Affected Products : text_lines_rearrange_script
    • Published: Feb. 27, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-7134

    Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) c... Read more

    Affected Products : download_center
    • Published: Sep. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-4454

    Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : hlstats
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0674

    Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.... Read more

    Affected Products : pabox
    • Published: Mar. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-6370

    Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter.... Read more

    Affected Products : contact_manager_pro
    • Published: Mar. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-4500

    Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10)... Read more

    Affected Products : ezportal_ztml_cms
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4479

    Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter.... Read more

    Affected Products : ezcontents
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-7140

    Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenan... Read more

    Affected Products : \@lex_guestbook
    • Published: Sep. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-0673

    Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures fo... Read more

    Affected Products : phpbb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-7175

    Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.... Read more

    Affected Products : wordpress nextgen_gallery
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-0829

    Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.... Read more

    Affected Products : php_fusion
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0682

    Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.... Read more

    Affected Products : drupal
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-7257

    CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involvi... Read more

    • Published: Jun. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-0742

    Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : java_system_application_server
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-5093

    Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : edirectory
    • Published: Nov. 14, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293545 Results