Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web studio vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2014-9094
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
Digitalzoomstudio Video Gallery -
1 EDB exploit
187
VMScore
CVE-2015-0999
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
Schneider-electric Wonderware Intouch 2014
Aveva Aveva Edge
NA
CVE-2021-42794
An issue exists in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
Aveva Edge 2020
Aveva Edge
383
VMScore
CVE-2012-2193
Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ibm Cognos Business Intelligence 10.2
Ibm Cognos Business Intelligence 10.1.1
Ibm Cognos Business Intelligence 10.1
Ibm Cognos Business Intelligence 8.4.1
383
VMScore
CVE-2014-3923
Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allch...
Digitalzoomstudio Video Gallery -
668
VMScore
CVE-2018-9110
Studio 42 elFinder prior to 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote malicious user to download files accessible by the web server process and delete files owned by the account running the web server pr...
Std42 Elfinder
NA
CVE-2024-31344
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label ...
445
VMScore
CVE-2015-0997
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote malicious users to obtain access via a brute-force pass...
Schneider-electric Wonderware Intouch 2014
Aveva Aveva Edge
187
VMScore
CVE-2015-0996
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users ...
Schneider-electric Wonderware Intouch 2014
Aveva Aveva Edge
NA
CVE-2024-4431
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authen...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »