Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-8685
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
Dolibarr Dolibarr
NA
CVE-2008-5891
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader prior to 2.1.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
Injader Injader 2.0.2
Injader Injader
Injader Injader 2.1.0
Injader Injader 2.0.3
Injader Injader 1.6.1
1 EDB exploit
NA
CVE-2010-1327
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
Tornadostore Tornadostore
1 EDB exploit
6.1
CVSSv3
CVE-2019-10887
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote malicious users to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data...
Salicru Slc-20-cube3\\(5\\) Cs121-snmp 4.54.82.130611
1 EDB exploit
6.1
CVSSv3
CVE-2017-17649
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2
1 EDB exploit
NA
CVE-2013-6233
Cross-site scripting (XSS) vulnerability in SpagoBI prior to 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata."
Eng Spagobi
1 EDB exploit
NA
CVE-2004-2625
Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote malicious users to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.
Outblaze Outblaze Email
1 EDB exploit
NA
CVE-2002-1480
Cross-site scripting (XSS) vulnerability in phpGB prior to 1.20 allows remote malicious users to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
Phpgb Phpgb 1.10
1 EDB exploit
6.1
CVSSv3
CVE-2019-11846
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
Dotcms Dotcms 5.1.1
NA
CVE-2005-4454
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote malicious users to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme...
Livejournal Livejournal
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »