Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflected xss vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-13944
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
Apache Airflow
NA
CVE-2013-5911
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 up to and including 4.7 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
Tenable Securitycenter 4.7
Tenable Securitycenter 4.6
6.1
CVSSv3
CVE-2019-9914
The yop-poll plugin prior to 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.
Yop-poll Yop-poll
6.1
CVSSv3
CVE-2017-0378
XSS exists in the login_form function in views/helpers.php in Phamm prior to 0.6.7, exploitable via the PATH_INFO to main.php.
Phamm Phamm
6.1
CVSSv3
CVE-2020-1949
Scripts in Sling CMS prior to 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Apache Sling Cms
6.1
CVSSv3
CVE-2019-0218
A vulnerability exists wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
Apache Pony Mail
6.1
CVSSv3
CVE-2018-12996
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager prior to 13 (Build 13800) allows remote malicious users to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
Zohocorp Manageengine Applications Manager
6.1
CVSSv3
CVE-2018-20806
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
Phamm Phamm 0.6.8
6.1
CVSSv3
CVE-2016-4566
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload prior to 2.1.9, as used in WordPress prior to 4.5.2, allows remote malicious users to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Wordpress Wordpress
Plupload Plupload
4 Github repositories
6.1
CVSSv3
CVE-2018-12998
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote m...
Zohocorp Manageengine Netflow Analyzer -
Zohocorp Firewall Analyzer -
Zohocorp Manageengine Opmanager -
Zohocorp Manageengine Oputils -
Zohocorp Manageengine Network Configuration Manager -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »