Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-12562
Stored Cross-Site Scripting in DotNetNuke (DNN) Version prior to 9.4.0 allows remote malicious users to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding use...
Dnnsoftware Dotnetnuke
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2019-11564
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote malicious users to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.
Humhub Humhub 1.3.12
1 EDB exploit
8.8
CVSSv3
CVE-2012-2629
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to ad...
Axous Axous
1 EDB exploit
NA
CVE-2012-3232
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote malicious users to inject arbitrary web script or HTML via the _text[title] parameter.
Webatall Web\\@all 2.0
1 EDB exploit
NA
CVE-2006-5830
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_...
Aiocp Aiocp 1.3.000
Aiocp Aiocp 1.3.007
Aiocp Aiocp 1.3.003
Aiocp Aiocp 1.3.004
Aiocp Aiocp 1.3.001
Aiocp Aiocp 1.3.002
Aiocp Aiocp 1.3.005
Aiocp Aiocp 1.3.006
5 EDB exploits
NA
CVE-2012-6644
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; o...
Clip-bucket Clipbucket 2.6
8 EDB exploits
4.8
CVSSv3
CVE-2018-20011
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
Domainmod Domainmod
1 EDB exploit
6.1
CVSSv3
CVE-2018-8738
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.
Airties 5444 Firmware 1.0.0.18
Airties 5444tt Firmware 1.0.0.18
1 EDB exploit
NA
CVE-2012-4000
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and previous versions allows remote malicious users to inject arbitrary web script or HTML via textinput...
Ckeditor Fckeditor 2.6.3
Ckeditor Fckeditor 2.5
Ckeditor Fckeditor 2.4.3
Ckeditor Fckeditor 2.3
Ckeditor Fckeditor 2.0
Ckeditor Fckeditor 1.2.2
Ckeditor Fckeditor 1.2
Ckeditor Fckeditor 0.9.4
Ckeditor Fckeditor 0.9.3
Ckeditor Fckeditor
Ckeditor Fckeditor 2.6.5
Ckeditor Fckeditor 2.6
Ckeditor Fckeditor 2.4
Ckeditor Fckeditor 2.3.3
Ckeditor Fckeditor 2.1
Ckeditor Fckeditor 1.4
Ckeditor Fckeditor 1.3.1
Ckeditor Fckeditor 1.0
Ckeditor Fckeditor 0.8.5
Ckeditor Fckeditor 0.8
Ckeditor Fckeditor 2.6.4
Ckeditor Fckeditor 2.6.4.1
1 EDB exploit
NA
CVE-2012-1417
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
Yealink Gigabit Color Ip Phone Sip-t32g -
Yealink Ip Phone Sip-t28p -
Yealink W52p -
Yealink Ultra-elegant Ip Phone Sip-t41p -
Yealink Gigabit Color Ip Phone Sip-t38g -
Yealink Ip Phone Sip-t19p -
Yealink Ip Video Phone Vp530 -
Yealink Ultra-elegant Ip Phone Sip-t46g -
Yealink Ultra-elegant Ip Phone Sip-t42g -
Yealink Ip Phone Sip-t21p -
Yealink Ip Phone Sip-t20p -
Yealink Ultra-elegant Ip Phone Sip-t48g -
Yealink Ip Phone Sip-t26p -
Yealink Ip Phone Sip-t22p -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »