Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflected xss vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-9913
The wp-live-chat-support plugin prior to 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
3cx Live Chat
6.1
CVSSv3
CVE-2020-17515
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions before 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue com...
Apache Airflow
6.1
CVSSv3
CVE-2019-9646
The Contact Form Email plugin prior to 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area."
Codepeople Contact Form Email
6.1
CVSSv3
CVE-2023-36163
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote malicious user to execute arbitrary code via a crafted script to the mc parameter of the URL.
Buildagate Project Buildagate 5
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2019-9911
The social-networks-auto-poster-facebook-twitter-g plugin prior to 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.
Nextscripts Social Networks Auto Poster
6.1
CVSSv3
CVE-2018-17533
Teltonika RUT9XX routers with firmware prior to 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
Teltonika Rut900 Firmware
Teltonika Rut950 Firmware
Teltonika Rut955 Firmware
6.1
CVSSv3
CVE-2018-17862
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote malicious users to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Sap J2ee Engine 7.01
6.1
CVSSv3
CVE-2023-2779
The Social Share, Social Login and Social Comments WordPress plugin prior to 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Heator Social Share\\, Social Login And Social Comments
1 EDB exploit
6.1
CVSSv3
CVE-2019-0234
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade ...
Apache Roller 5.2.1
Apache Roller 5.2.0
Apache Roller 5.2.2
6.1
CVSSv3
CVE-2021-45229
It exists that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
Apache Airflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »