Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-1070
Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 up to and including 1.6.6, and possibly earlier versions, allows remote malicious users to inject arbitrary web script or HTML via the avatar parameter.
Expressionengine Expressionengine 1.6.4
Expressionengine Expressionengine 1.6.5
Expressionengine Expressionengine 1.6.6
1 EDB exploit
NA
CVE-2009-3162
Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote malicious users to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
Multi-website Multi Website 1.5
1 EDB exploit
NA
CVE-2009-3719
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote malicious users to inject arbitrary web script or HTML via a comment.
Davethewebguy Battle Blog 1.25
Davethewebguy Battle Blog 1.30
1 EDB exploit
NA
CVE-2009-3718
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote malicious users to execute arbitrary SQL commands via the UserName parameter.
Davethewebguy Battle Blog 1.30
Davethewebguy Battle Blog 1.25
1 EDB exploit
NA
CVE-2008-3758
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and previous versions (1) allow remote malicious users to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web scr...
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1.1.2
Lussumo Vanilla 1.1.3
Lussumo Vanilla 1.1
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1
Lussumo Vanilla 1.0.1
Lussumo Vanilla
1 EDB exploit
NA
CVE-2006-2051
Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote malicious users to inject arbitrary web script or HTML via the (1) username and (2) password parameters.
Nextage Nextage Shopping Cart
1 EDB exploit
NA
CVE-2007-6307
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote malicious users to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
Jfree Jfreechart 1.0.8
1 EDB exploit
NA
CVE-2002-1453
Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote malicious users to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.
Mywebserver Mywebserver 1.0.2
1 EDB exploit
NA
CVE-2009-4767
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information.
Plohni Shoutbox 1.0
1 EDB exploit
NA
CVE-2015-6354
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.
Cisco Firesight System Software 5.4.1.3
Cisco Firesight System Software 6.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »