Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-3567

    Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, ... Read more

    Affected Products : supportsuite esupport
    • Published: Oct. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5591

    Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained fro... Read more

    Affected Products : nightfall_personal_diary
    • Published: Dec. 16, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3594

    Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.... Read more

    Affected Products : blog_system
    • Published: Oct. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3535

    Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this... Read more

    Affected Products : clear_content
    • Published: Oct. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5584

    Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to ind... Read more

    Affected Products : projectpier
    • Published: Dec. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5719

    Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary w... Read more

    • Published: Dec. 26, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5569

    Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in ... Read more

    Affected Products : phpeppershop
    • Published: Dec. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5566

    Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more

    Affected Products : phpmultiplenewsletters
    • Published: Dec. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5555

    Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain atta... Read more

    Affected Products : internet_explorer
    • Published: Dec. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5552

    The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7... Read more

    Affected Products : internet_explorer
    • Published: Dec. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5487

    Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : text_link_sales
    • Published: Dec. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5556

    The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by ... Read more

    Affected Products : internet_explorer
    • Published: Dec. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4891

    Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : signme
    • Published: Nov. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4177

    Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter.... Read more

    • Published: Dec. 12, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-3592

    Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823.... Read more

    Affected Products : x-cart
    • Published: Oct. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4928

    Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, ... Read more

    Affected Products : mybb
    • Published: Nov. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4892

    Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these d... Read more

    Affected Products : mygallery
    • Published: Nov. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4799

    pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.... Read more

    Affected Products : netpbm netpbm
    • Published: Oct. 31, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4896

    Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Logz CMS 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the art parameter. NOTE: the provenance of this information is unknown; the details are obtained solely ... Read more

    Affected Products : logz
    • Published: Nov. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4761

    Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this informat... Read more

    Affected Products : esupport
    • Published: Oct. 28, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293620 Results