reflected xss vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-13944
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
Apache Airflow
6.1
CVSSv3
CVE-2017-0378
XSS exists in the login_form function in views/helpers.php in Phamm prior to 0.6.7, exploitable via the PATH_INFO to main.php.
Phamm Phamm
6.1
CVSSv3
CVE-2019-9914
The yop-poll plugin prior to 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.
Yop-poll Yop-poll
NA
CVE-2013-5911
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 up to and including 4.7 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
Tenable Securitycenter 4.7
Tenable Securitycenter 4.6
6.1
CVSSv3
CVE-2019-0218
A vulnerability exists wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
Apache Pony Mail
6.1
CVSSv3
CVE-2020-1949
Scripts in Sling CMS prior to 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Apache Sling Cms
6.1
CVSSv3
CVE-2018-12996
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager prior to 13 (Build 13800) allows remote malicious users to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
Zohocorp Manageengine Applications Manager
6.1
CVSSv3
CVE-2019-9913
The wp-live-chat-support plugin prior to 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
3cx Live Chat
6.1
CVSSv3
CVE-2019-9575
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.
Quizandsurveymaster Quiz And Survey Master 6.0.4
6.1
CVSSv3
CVE-2016-4566
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload prior to 2.1.9, as used in WordPress prior to 4.5.2, allows remote malicious users to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Wordpress Wordpress
Plupload Plupload
4 Github repositories