Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
website vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-2241
Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite prior to 3.5.15 allows remote malicious users to cause a denial of service (crash) via a long HTTP OPTIONS request.
Deerfield Visnetic Website
NA
CVE-2002-2246
Cross-site scripting (XSS) vulnerability in VisNetic Website prior to 3.5.15 allows remote malicious users to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page.
Deerfield Visnetic Website
1 EDB exploit
9.8
CVSSv3
CVE-2020-7109
The Elementor Page Builder plugin prior to 2.8.4 for WordPress does not sanitize data during creation of a new template.
Elementor Website Builder
5.4
CVSSv3
CVE-2021-24202
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or a...
Elementor Website Builder
5.4
CVSSv3
CVE-2021-24204
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contribut...
Elementor Website Builder
5.4
CVSSv3
CVE-2022-24864
Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to `/presale/join`. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is d...
Originprotocol Origin Website
5.4
CVSSv3
CVE-2020-36703
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in page...
Elementor Website Builder
6.1
CVSSv3
CVE-2022-4953
The Elementor Website Builder WordPress plugin prior to 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
Elementor Website Builder
7.2
CVSSv3
CVE-2023-0329
The Elementor Website Builder WordPress plugin prior to 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
Elementor Website Builder
5.4
CVSSv3
CVE-2021-24201
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or abo...
Elementor Website Builder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »