Latest CVE Feed
-
2.6
LOWCVE-2007-3838
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this... Read more
Affected Products : dr- EPSS Score: %1.48
- Published: Jul. 17, 2007
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2007-3835
Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.... Read more
Affected Products : metalib- EPSS Score: %0.50
- Published: Jul. 17, 2007
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2014-0046
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title att... Read more
Affected Products : ember.js- EPSS Score: %0.52
- Published: Feb. 27, 2014
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2008-4164
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.... Read more
Affected Products : memht_portal- EPSS Score: %1.98
- Published: Sep. 22, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2015-7232
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vecto... Read more
Affected Products : open_semantic_framework- EPSS Score: %0.26
- Published: Sep. 17, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2015-4387
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers ... Read more
- EPSS Score: %0.33
- Published: Jun. 15, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain... Read more
Affected Products : datapower_gateway- EPSS Score: %0.21
- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2013-5679
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attacker... Read more
Affected Products : enterprise_security_api- EPSS Score: %0.10
- Published: Sep. 30, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2011-2694
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username par... Read more
- EPSS Score: %3.38
- Published: Jul. 29, 2011
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2005-3089
Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerabilit... Read more
Affected Products : firefox- EPSS Score: %0.72
- Published: Sep. 28, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-2755
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.... Read more
Affected Products : quicktime- EPSS Score: %1.39
- Published: Nov. 05, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-2268
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog... Read more
- EPSS Score: %2.16
- Published: Jul. 13, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-2174
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL repli... Read more
Affected Products : bugzilla- EPSS Score: %0.40
- Published: Jul. 08, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2007-6100
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset param... Read more
Affected Products : phpmyadmin- EPSS Score: %0.50
- Published: Nov. 23, 2007
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2012-4534
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminatin... Read more
Affected Products : tomcat- EPSS Score: %22.77
- Published: Dec. 19, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2012-4600
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an... Read more
- EPSS Score: %1.05
- Published: Aug. 31, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2010-0777
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers... Read more
Affected Products : websphere_application_server- EPSS Score: %0.55
- Published: May. 17, 2010
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2008-4775
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a... Read more
Affected Products : phpmyadmin- EPSS Score: %7.23
- Published: Oct. 28, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2009-0354
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors invol... Read more
Affected Products : firefox- EPSS Score: %0.58
- Published: Feb. 04, 2009
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2013-5137
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.... Read more
Affected Products : iphone_os- EPSS Score: %0.37
- Published: Sep. 19, 2013
- Modified: Apr. 11, 2025