Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-15596
An issue exists in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren...
Mybb Mybb 1.8.17
1 EDB exploit
6.1
CVSSv3
CVE-2019-12562
Stored Cross-Site Scripting in DotNetNuke (DNN) Version prior to 9.4.0 allows remote malicious users to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding use...
Dnnsoftware Dotnetnuke
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
Sugarcrm Sugarcrm 3.5.1
1 EDB exploit
6.1
CVSSv3
CVE-2016-9834
An XSS vulnerability allows remote malicious users to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware up to and including 10.6.4. User interaction is required to exploit this vulnerability in that the target must ...
Sophos Cyberoam Firmware
1 EDB exploit
5.4
CVSSv3
CVE-2019-13977
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
Ovidentia Ovidentia 8.4.3
1 EDB exploit
4.8
CVSSv3
CVE-2018-11512
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted we...
Creatiwity Witycms 0.6.1
1 EDB exploit
4.8
CVSSv3
CVE-2021-3111
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
Concretecms Concrete Cms
6.1
CVSSv3
CVE-2019-11564
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote malicious users to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.
Humhub Humhub 1.3.12
1 EDB exploit
6.1
CVSSv3
CVE-2017-12984
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
Phpmywind Phpmywind 5.3
1 EDB exploit
6.1
CVSSv3
CVE-2018-5479
FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for malicious users to steal sessions of...
Foxsash Imghosting 1.5
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »