Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1905
Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "&l...
Pineapple Technologies Quizshock
1 EDB exploit
NA
CVE-2015-3935
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote malicious users to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.
Dolibarr Dolibarr 3.6.0
Dolibarr Dolibarr 3.5.0
NA
CVE-2007-2011
Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote malicious users to inject arbitrary web script or HTML via the username parameter.
Deskpro Deskpro 2.0.1
1 EDB exploit
NA
CVE-2009-4939
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote malicious users to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid p...
Impactsoftcompany Adpeeps 8.5
2 EDB exploits
NA
CVE-2010-4963
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote malicious users to execute arbitrary SQL commands via the order_by parameter.
Hulihanapplications Hulihan Bxr 0.6.8
1 EDB exploit
NA
CVE-2003-0295
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote malicious users to inject arbitrary web script and HTML via the "Preview Message" capability.
Jelsoft Vbulletin 3.0.0 Beta 2
1 EDB exploit
5.4
CVSSv3
CVE-2023-48837
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
Phpjabbers Car Rental Script 3.0
5.4
CVSSv3
CVE-2023-48838
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.
Phpjabbers Appointment Scheduler 3.0
NA
CVE-2007-5411
Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote malicious users to inject arbitrary web script or HTML via the From header in a SIP message.
Linksys Spa941
1 EDB exploit
4.7
CVSSv3
CVE-2021-1420
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote malicious user to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could ex...
Cisco Webex Meetings -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »