Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflected xss vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-0406
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote malicious user to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based ma...
Cisco Web Security Appliance 11.5.0-fcs-581
Cisco Web Security Appliance 10.1.2-003
Cisco Web Security Appliance 10.5.1-269
5.4
CVSSv3
CVE-2018-0408
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote malicious user to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of a...
Cisco Sf300-08 Firmware
Cisco Sf302-08 Firmware
Cisco Sf302-08p Firmware
Cisco Sf302-08pp Firmware
Cisco Sf302-08mp Firmware
Cisco Sf302-08mpp Firmware
Cisco Sf300-24 Firmware
Cisco Sf300-24p Firmware
Cisco Sf300-24pp Firmware
Cisco Sf300-24mp Firmware
Cisco Sf300-48 Firmware
Cisco Sf300-48p Firmware
Cisco Sf300-48pp Firmware
Cisco Sg300-10 Firmware
Cisco Sg300-10sfp Firmware
Cisco Sg300-10p Firmware
Cisco Sg300-10pp Firmware
Cisco Sg300-10mp Firmware
Cisco Sg300-10mpp Firmware
Cisco Sg300-20 Firmware
Cisco Sg300-28 Firmware
Cisco Sg300-28p Firmware
NA
CVE-2014-8774
Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x prior to 2.2.15 allows remote malicious users to inject arbitrary web script or HTML via the context_key parameter.
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.6
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.2
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.5
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.3
Modx Modx Revolution 2.2.5
1 EDB exploit
6.1
CVSSv3
CVE-2018-12653
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
Myadrenalin Adrenalin 5.4.0
1 EDB exploit
6.1
CVSSv3
CVE-2020-3599
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the we...
Cisco Adaptive Security Appliance
Cisco Adaptive Security Appliance Software
6.1
CVSSv3
CVE-2023-27572
An issue exists in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability exists in the https_redirect.php web page via the page parameter.
Commscope Dg3450 Firmware Ar01.02.056.18 041520 711.ncs.10
8.8
CVSSv3
CVE-2019-9202
Nagios IM (component of Nagios XI) prior to 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
Nagios Incident Manager
1 Github repository
7.8
CVSSv3
CVE-2019-9166
Privilege escalation in Nagios XI prior to 5.5.11 allows local malicious users to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
Nagios Nagios Xi
1 Github repository
9.8
CVSSv3
CVE-2019-9203
Authorization bypass in Nagios IM (component of Nagios XI) prior to 2.2.7 allows closing incidents in IM via the API.
Nagios Incident Manager
1 Github repository
9.8
CVSSv3
CVE-2019-9204
SQL injection vulnerability in Nagios IM (component of Nagios XI) prior to 2.2.7 allows malicious users to execute arbitrary SQL commands.
Nagios Incident Manager
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »