Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflected xss vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-13944
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
Apache Airflow
4.3
CVSSv2
CVE-2017-0378
XSS exists in the login_form function in views/helpers.php in Phamm prior to 0.6.7, exploitable via the PATH_INFO to main.php.
Phamm Phamm
4.3
CVSSv2
CVE-2019-9914
The yop-poll plugin prior to 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.
Yop-poll Yop-poll
4.3
CVSSv2
CVE-2013-5911
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 up to and including 4.7 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
Tenable Securitycenter 4.7
Tenable Securitycenter 4.6
4.3
CVSSv2
CVE-2019-0218
A vulnerability exists wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
Apache Pony Mail
4.3
CVSSv2
CVE-2020-1949
Scripts in Sling CMS prior to 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
Apache Sling Cms
4.3
CVSSv2
CVE-2018-12996
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager prior to 13 (Build 13800) allows remote malicious users to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
Zohocorp Manageengine Applications Manager
4.3
CVSSv2
CVE-2020-17515
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions before 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue com...
Apache Airflow
4.3
CVSSv2
CVE-2016-4566
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload prior to 2.1.9, as used in WordPress prior to 4.5.2, allows remote malicious users to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Wordpress Wordpress
Plupload Plupload
4 Github repositories
4.3
CVSSv2
CVE-2018-20806
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
Phamm Phamm 0.6.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »