Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netsparker.com vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-19782
Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.
Freshrss Freshrss 1.11.1
6.1
CVSSv3
CVE-2018-19917
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
Microweber Microweber 1.0.8
6.1
CVSSv3
CVE-2018-20121
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.
Podcastgenerator Podcast Generator 2.7
NA
CVE-2015-7348
Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote malicious users to inject arbitrary web script or HTML via the id parameter to demo/en/asyncData/getNodesForBigData.php.
Ztree Project Ztree
9.8
CVSSv3
CVE-2015-7390
SQL injection vulnerability in TestLink prior to 1.9.14 allows remote malicious users to execute arbitrary SQL commands via the apikey parameter to lnl.php.
Testlink Testlink
6.1
CVSSv3
CVE-2015-7391
Multiple cross-site scripting (XSS) vulnerabilities in TestLink prior to 1.9.14 allow remote malicious users to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) contain...
Testlink Testlink
NA
CVE-2014-7183
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Litecart Litecart
6.1
CVSSv3
CVE-2018-13055
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 up to and including 2.15.0 allows remote malicious users to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
Mantisbt Mantisbt
NA
CVE-2015-6584
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and previous versions for jQuery allows remote malicious users to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.
Sprymedia Datatables
6.1
CVSSv3
CVE-2018-14474
views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.
Goodoldweb Orange Forum 1.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »