Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-4494
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
Spip Spip 1.8.2
NA
CVE-2009-0413
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote malicious users to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
Roundcube Webmail 0.2
NA
CVE-2011-0770
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance prior to 6.1 allows remote malicious users to inject arbitrary web script or HTML via the Windows XP variable in a file.
Hp Windows Event Log Smartconnector
Hp Arcsight C1300 Appliance
Hp Arcsight C3400 Appliance
Hp Arcsight C5400 Appliance
Hp Arcsight C3200 Appliance
Hp Arcsight C5200 Appliance
Hp Arcsight C1000 Appliance
NA
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
Yealink Voip Phone 28.2.0.128.0.0.0
NA
CVE-2014-7985
Directory traversal vulnerability in EspoCRM prior to 2.6.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Espocrm Espocrm
NA
CVE-2014-7987
Cross-site scripting (XSS) vulnerability in EspoCRM prior to 2.6.0 allows remote malicious users to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
Espocrm Espocrm
NA
CVE-2013-7303
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP prior to 2.1.25 and 3.0.x prior to 3.0.13 allow remote malicious users to inject arbitrary web script or HTML via the author name f...
Spip Spip 3.0.3
Spip Spip 3.0.4
Spip Spip 2.1.23
Spip Spip 2.1.22
Spip Spip 2.1.16
Spip Spip 2.1.15
Spip Spip 2.0.9
Spip Spip 2.0.8
Spip Spip 2.0.21
Spip Spip 2.0.20
Spip Spip 2.0.14
Spip Spip 2.0.13
Spip Spip 3.0.10
Spip Spip 3.0.11
Spip Spip 3.0.2
Spip Spip 3.0.9
Spip Spip
Spip Spip 2.1.18
Spip Spip 2.1.17
Spip Spip 2.1.1
Spip Spip 2.1
Spip Spip 2.0.3
NA
CVE-2018-17864
SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)
5.4
CVSSv3
CVE-2017-16908
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
Horde Groupware 5.2.19
5.4
CVSSv3
CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
Horde Groupware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »