Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss man vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2016-7055
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 prior to 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are imp...
Openssl Openssl
Nodejs Node.js
7.5
CVSSv3
CVE-2016-2180
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL up to and including 1.0.2h allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a cr...
Openssl Openssl 1.0.1m
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.2e
Openssl Openssl 1.0.1r
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.2g
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.2h
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.1t
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.1p
Openssl Openssl 1.0.1k
Openssl Openssl 1.0.1b
Openssl Openssl 1.0.1n
Openssl Openssl 1.0.1q
Openssl Openssl 1.0.1e
Openssl Openssl 1.0.1l
NA
CVE-2012-5368
phpMyAdmin 3.5.x prior to 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle malicious users to conduct cross-site scripting (XSS) attacks by modifying this code.
Phpmyadmin Phpmyadmin 3.5.0.0
Phpmyadmin Phpmyadmin 3.5.1.0
Phpmyadmin Phpmyadmin 3.5.2.0
Phpmyadmin Phpmyadmin 3.5.2.1
Phpmyadmin Phpmyadmin 3.5.2.2
6.1
CVSSv3
CVE-2018-15699
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.
Asustor Data Master
NA
CVE-2011-3218
The "Save for Web" selection in QuickTime Player in Apple Mac OS X up to and including 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle malicious users to conduct cross-site scripting (XSS) attacks by spoofing the ...
Apple Mac Os X Server 10.6.7
Apple Mac Os X Server 10.6.6
Apple Mac Os X Server 10.6.5
Apple Mac Os X Server 10.6.4
Apple Mac Os X Server 10.5.5
Apple Mac Os X Server 10.5.4
Apple Mac Os X Server 10.4.8
Apple Mac Os X Server 10.4.7
Apple Mac Os X Server 10.4.10
Apple Mac Os X Server 10.4.1
Apple Mac Os X Server 10.3.4
Apple Mac Os X Server 10.3.3
Apple Mac Os X Server 10.2.6
Apple Mac Os X Server 10.2.5
Apple Mac Os X Server 10.1.5
Apple Mac Os X Server 10.1.4
Apple Mac Os X Server 10.1.3
Apple Mac Os X Server 10.0.2
Apple Mac Os X Server 10.0.1
Apple Mac Os X 10.6.1
Apple Mac Os X 10.6.0
Apple Mac Os X 10.5.1
NA
CVE-2008-2011
Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget prior to 1.1 allows remote National Rail Enquiries servers or man-in-the-middle malicious users to inject arbitrary web script or HTML, and execute arbitrary code, via a response ...
National Rail Enquiries National Rail Enquiries Live Departure Boards
6.1
CVSSv3
CVE-2021-40906
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an malicious user to open a backdoor on the device with HTML content and interpreted by the browser (such as...
Tribe29 Checkmk
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 1.6.0b10
Tribe29 Checkmk 1.6.0b11
Tribe29 Checkmk 1.6.0p10
Tribe29 Checkmk 1.6.0p17
Tribe29 Checkmk 1.6.0p18
1 Github repository
NA
CVE-2011-1168
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 up to and including 4.6.1 allows remote malicious users to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable w...
Kde Kde Sc 4.5.2
Kde Kde Sc 4.4.0
Kde Kde Sc 4.6
Kde Kde Sc 4.5.4
Kde Kde Sc 4.4.1
Kde Kde Sc 4.4.2
Kde Kde Sc 4.5.5
Kde Kde Sc 4.5.1
Kde Kde Sc 4.4.3
Kde Kde Sc 4.6.1
Kde Kde Sc 4.4.4
Kde Kde Sc 4.5.3
Kde Kde Sc 4.4.5
Kde Kde Sc 4.6.0
Kde Kde Sc 4.5.0
NA
CVE-2011-2770
Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to error messages.
Robert Luberda Man2html 1.6
NA
CVE-2015-3903
libraries/Config.class.php in phpMyAdmin 4.0.x prior to 4.0.10.10, 4.2.x prior to 4.2.13.3, 4.3.x prior to 4.3.13.1, and 4.4.x prior to 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle malicious users to spoof servers a...
Phpmyadmin Phpmyadmin 4.0.3
Phpmyadmin Phpmyadmin 4.0.4
Phpmyadmin Phpmyadmin 4.0.9
Phpmyadmin Phpmyadmin 4.0.10
Phpmyadmin Phpmyadmin 4.2.7.1
Phpmyadmin Phpmyadmin 4.2.7
Phpmyadmin Phpmyadmin 4.2.11
Phpmyadmin Phpmyadmin 4.2.12
Phpmyadmin Phpmyadmin 4.3.3
Phpmyadmin Phpmyadmin 4.3.4
Phpmyadmin Phpmyadmin 4.3.12
Phpmyadmin Phpmyadmin 4.3.13
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 4.0.5
Phpmyadmin Phpmyadmin 4.0.6
Phpmyadmin Phpmyadmin 4.0.10.6
Phpmyadmin Phpmyadmin 4.0.10.7
Phpmyadmin Phpmyadmin 4.0.10.8
Phpmyadmin Phpmyadmin 4.2.3
Phpmyadmin Phpmyadmin 4.2.2
Phpmyadmin Phpmyadmin 4.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »