Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ajax vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2017-6923
In Drupal 8.x before 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access rest...
Drupal Drupal
NA
CVE-2024-33918
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS.This issue affects AJAX Login and Registration modal popup + inline form: from n/a up to...
NA
CVE-2013-1890
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server prior to 5.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in...
Owncloud Owncloud
5.4
CVSSv3
CVE-2013-0203
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/a...
Owncloud Owncloud
NA
CVE-2008-0546
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and previous versions 4.1.x versions, allow remote malicious users to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter ...
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
NA
CVE-2012-5164
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS prior to 3.2.7 allow remote malicious users to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/mod...
Fork-cms Fork Cms 2.6.2
Fork-cms Fork Cms 2.6.3
Fork-cms Fork Cms 2.3.1
Fork-cms Fork Cms 2.0.1
Fork-cms Fork Cms 2.6.12
Fork-cms Fork Cms 3.1.0
Fork-cms Fork Cms 2.6.4
Fork-cms Fork Cms 2.6.7
Fork-cms Fork Cms 3.1.6
Fork-cms Fork Cms 3.2.1
Fork-cms Fork Cms 2.4.0
Fork-cms Fork Cms 2.4.1
Fork-cms Fork Cms 2.0.2
Fork-cms Fork Cms 3.1.2
Fork-cms Fork Cms 3.0.0
Fork-cms Fork Cms 2.6.9
Fork-cms Fork Cms 2.6.6
Fork-cms Fork Cms 3.2.5
Fork-cms Fork Cms 3.2.4
Fork-cms Fork Cms 3.2.2
Fork-cms Fork Cms 3.1.9
Fork-cms Fork Cms 2.5.1
NA
CVE-2012-2269
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud prior to 3.0.3 allow remote malicious users to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) ...
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 3.0.1
NA
CVE-2012-2759
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin prior to 3.0.4.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login....
Netweblogic Login With Ajax 2.1.5
Netweblogic Login With Ajax 2.2
Netweblogic Login With Ajax 2.1.3
Netweblogic Login With Ajax 2.1.4
Netweblogic Login With Ajax 3.0.2
Netweblogic Login With Ajax 3.0.3
Netweblogic Login With Ajax
Netweblogic Login With Ajax 2.1.1
Netweblogic Login With Ajax 2.1.2
Netweblogic Login With Ajax 3.0
Netweblogic Login With Ajax 3.0.1
Netweblogic Login With Ajax 2.1
Netweblogic Login With Ajax 2.21
Netweblogic Login With Ajax 3.0b
6.1
CVSSv3
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.
Fork-cms Fork Cms 5.4.0
6.1
CVSSv3
CVE-2023-52213
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Cont...
Videowhisper Rate Star Review
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »