Interact
This hub aggregates every CVE we track for Interact, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
14
CVEs tracked
0
Critical
3
High
0
In CISA KEV
Severity distribution
MEDIUM10HIGH3LOW1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
2024-082026-07
Latest CVEs
The 14 most recently published vulnerabilities affecting Interact.
- CVE-2026-2350Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.6.5
- CVE-2023-5659Interact: Embed A Quiz On Your Site <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode6.4
- CVE-2016-5888IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...5.4
- CVE-2016-5889IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website...8.8
- CVE-2008-3868Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts.6.8
- CVE-2008-3867SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.6.8
- CVE-2008-3384Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. ...7.5
- CVE-2008-2220Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code ...6.8
- CVE-2007-4177Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-...4.3
- CVE-2007-3328Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/...4.3
- CVE-2006-4448Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] par...5.1
- CVE-2006-1642Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_nam...2.6
- CVE-2006-1644login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this ...5.0
- CVE-2006-1643SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknow...7.5
Product normalization is registry-driven with AI assist and human review. How it works