Vulmon
xss vulnerabilities and exploits
668
VMScore
CVE-2021-41317
XSS Hunter Express prior to 2021-09-17 does not properly enforce authentication requirements for paths.
Xss Hunter Express Project Xss Hunter Express
NA
CVE-2022-21169
The package express-xss-sanitizer prior to 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing a malicious user to bypass XSS sanitization.
Express Xss Sanitizer Project Express Xss Sanitizer
383
VMScore
CVE-2017-15717
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling X...
Apache Sling Xss Protection Api
Apache Sling Xss Protection Api 2.0.0
Apache Sling Xss Protection Api Compat 1.1.0
383
VMScore
CVE-2010-1647
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.2
605
VMScore
CVE-2010-1648
Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the ...
Mediawiki Mediawiki 1.16.0
Mediawiki Mediawiki 1.15.1
Mediawiki Mediawiki 1.15.0
Mediawiki Mediawiki 1.15.3
Mediawiki Mediawiki 1.15.2
231
VMScore
CVE-2011-4344
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins prior to 1.438, and 1.409 LTS prior to 1.409.3 LTS, when a stand-alone container is used, allows remote malicious users to inject arbitrary web script or HTML via vectors related to error messages.
Jenkins Jenkins 1.409.1
Jenkins Jenkins 1.409.2
Jenkins Jenkins
383
VMScore
CVE-2010-2491
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup prior to 1.4.14 allows remote malicious users to inject arbitrary web script or HTML via the template argument to the /issue program.
Roundup-tracker Roundup 0.5.2
Roundup-tracker Roundup 0.6.1
Roundup-tracker Roundup 0.6.11
Roundup-tracker Roundup 0.8.4
Roundup-tracker Roundup 0.5.8
Roundup-tracker Roundup 0.2.1
Roundup-tracker Roundup 0.2.3
Roundup-tracker Roundup 0.7.9
Roundup-tracker Roundup 0.4.0
Roundup-tracker Roundup 1.3.3
Roundup-tracker Roundup 0.6.0
Roundup-tracker Roundup 0.5.3
Roundup-tracker Roundup 1.0.1
Roundup-tracker Roundup 1.4.7
Roundup-tracker Roundup 0.7.4
Roundup-tracker Roundup 1.3.2
Roundup-tracker Roundup 0.7.7
Roundup-tracker Roundup 0.1.0
Roundup-tracker Roundup 0.2.0
Roundup-tracker Roundup 0.6.5
Roundup-tracker Roundup 0.7.2
Roundup-tracker Roundup 0.6.3
151
VMScore
CVE-2011-0790
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
Sun Sunos 5.10
Sun Sunos 5.9
383
VMScore
CVE-2015-6938
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook prior to 3.2.2 and Jupyter Notebook 4.0.x prior to 4.0.5 allows remote malicious users to inject arbitrary web script or HTML via a folder name. NOTE: this was originally r...
Jupyter Notebook 4.0.2
Jupyter Notebook 4.0.0
Jupyter Notebook 4.0.4
Jupyter Notebook 4.0.1
Jupyter Notebook 4.0.3
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Ipython Notebook
383
VMScore
CVE-2015-4707
Cross-site scripting (XSS) vulnerability in IPython prior to 3.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
Ipython Ipython