Skip to main content

Interact

8 CVEs product

Monthly

CVE-2026-6416 LOW PATCH Monitor

Uncontrolled resource consumption in Tanium Interact allows authenticated high-privilege administrators to trigger a denial of service condition through network-accessible endpoints. The vulnerability requires high-level administrative privileges (PR:H) and produces only availability impact with no confidentiality or integrity compromise. CVSS base score of 2.7 reflects the severe privilege barrier and limited impact scope.

Denial Of Service Interact
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-2350 MEDIUM This Month

Tanium Interact logs sensitive information that authenticated users can access, potentially exposing confidential data through log file inspection. The vulnerability requires valid credentials and does not allow modification or service disruption, limiting its impact to information disclosure.

Information Disclosure Interact
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15289 LOW Monitor

Tanium addressed an improper access controls vulnerability in Interact. [CVSS 3.1 LOW]

Authentication Bypass Interact
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-15288 LOW Monitor

Tanium addressed an improper access controls vulnerability in Interact. [CVSS 3.1 LOW]

Authentication Bypass Interact
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2023-5659 MEDIUM This Month

The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Interact
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-41103 MEDIUM This Month

Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Interact
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2016-5889 HIGH PATCH This Week

IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Interact
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5888 MEDIUM PATCH This Month

IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Interact
NVD
CVSS 3.0
5.4
EPSS
0.3%
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Uncontrolled resource consumption in Tanium Interact allows authenticated high-privilege administrators to trigger a denial of service condition through network-accessible endpoints. The vulnerability requires high-level administrative privileges (PR:H) and produces only availability impact with no confidentiality or integrity compromise. CVSS base score of 2.7 reflects the severe privilege barrier and limited impact scope.

Denial Of Service Interact
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Tanium Interact logs sensitive information that authenticated users can access, potentially exposing confidential data through log file inspection. The vulnerability requires valid credentials and does not allow modification or service disruption, limiting its impact to information disclosure.

Information Disclosure Interact
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Tanium addressed an improper access controls vulnerability in Interact. [CVSS 3.1 LOW]

Authentication Bypass Interact
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Tanium addressed an improper access controls vulnerability in Interact. [CVSS 3.1 LOW]

Authentication Bypass Interact
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Interact
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Interact
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Interact
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Interact
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy