Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
inject vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-41834
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially in...
Apache Flink Stateful Functions
5.4
CVSSv3
CVE-2017-15213
Stored XSS vulnerability in Flyspray prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
Flyspray Flyspray
9.8
CVSSv3
CVE-2018-12532
JBoss RichFaces 4.5.3 up to and including 4.5.17 allows unauthenticated remote malicious users to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
Redhat Richfaces
1 Github repository
NA
CVE-2008-3758
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and previous versions (1) allow remote malicious users to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web scr...
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1.1.2
Lussumo Vanilla 1.1.3
Lussumo Vanilla 1.1
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1
Lussumo Vanilla 1.0.1
Lussumo Vanilla
1 EDB exploit
NA
CVE-2014-5326
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) up to and including 2.0.10 and 3.x up to and including 3.0.RC2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Directwebremoting Direct Web Remoting 3.0
Directwebremoting Direct Web Remoting
5.4
CVSSv3
CVE-2013-6465
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.
Redhat Jbpm 6.0.0
NA
CVE-2010-1593
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe prior to 2.3.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module prior to 0.2.5 in SilverStripe prior to 2.3.5 allo...
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.1.0
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.1.1
Silverstripe Silverstripe 2.2.2
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.0.0
Silverstripe Silverstripe 2.2.1
Silverstripe Silverstripe 2.2.4
Silverstripe Silverstripe 2.0.1
Silverstripe Silverstripe
Silverstripe Silverstripe 2.0.2
Silverstripe Silverstripe 2.2.0
5.4
CVSSv3
CVE-2014-0208
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman prior to 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Theforeman Foreman
NA
CVE-2013-1822
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x prior to 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated user...
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.7
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.6
7.8
CVSSv3
CVE-2020-8539
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an malicious user to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may b...
Kia Head Unit Firmware Sop.003.30.18.0703
Kia Head Unit Firmware Sop.005.7.181019
Kia Head Unit Firmware Sop.007.1.191209
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »