ajax vulnerabilities and exploits
668
VMScore
CVE-2018-7666
An issue exists in ClipBucket prior to 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.
Clip-bucket Clipbucket
755
VMScore
CVE-2007-5643
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Lussumo Vanilla
1 EDB exploit
510
VMScore
CVE-2009-4089
telepark.wiki 2.4.23 and previous versions allow remote malicious users to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
Telepark Telepark.wiki 2.4.23
2 EDB exploits
755
VMScore
CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI prior to 0.83.9 allow remote malicious users to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to aj...
Glpi-project Glpi
Glpi-project Glpi 0.83.7
Glpi-project Glpi 0.83.6
Glpi-project Glpi 0.83.5
Glpi-project Glpi 0.83.1
Glpi-project Glpi 0.83
Glpi-project Glpi 0.83.4
Glpi-project Glpi 0.83.3
Glpi-project Glpi 0.83.31
Glpi-project Glpi 0.83.2
1 EDB exploit
356
VMScore
CVE-2017-6923
In Drupal 8.x before 8.3.7, when creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access rest...
Drupal Drupal
NA
CVE-2024-33918
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS. This issue affects AJAX Login and Registration modal popup + inline form: from n/a up to...
755
VMScore
CVE-2008-0546
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and previous 4.1.x versions, allow remote malicious users to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter ...
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
383
VMScore
CVE-2012-5164
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS prior to 3.2.7 allow remote malicious users to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/mod...
Fork-cms Fork Cms 2.6.2
Fork-cms Fork Cms 2.6.3
Fork-cms Fork Cms 2.3.1
Fork-cms Fork Cms 2.0.1
Fork-cms Fork Cms 2.6.12
Fork-cms Fork Cms 3.1.0
Fork-cms Fork Cms 2.6.4
Fork-cms Fork Cms 2.6.7
Fork-cms Fork Cms 3.1.6
Fork-cms Fork Cms 3.2.1
Fork-cms Fork Cms 2.4.0
Fork-cms Fork Cms 2.4.1
Fork-cms Fork Cms 2.0.2
Fork-cms Fork Cms 3.1.2
Fork-cms Fork Cms 3.0.0
Fork-cms Fork Cms 2.6.9
Fork-cms Fork Cms 2.6.6
Fork-cms Fork Cms 3.2.5
Fork-cms Fork Cms 3.2.4
Fork-cms Fork Cms 3.2.2
Fork-cms Fork Cms 3.1.9
Fork-cms Fork Cms 2.5.1
383
VMScore
CVE-2013-1890
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server prior to 5.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in...
Owncloud Owncloud
312
VMScore
CVE-2013-0203
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/a...
Owncloud Owncloud