Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stored xss vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-27907
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the u...
Apache Superset
5.4
CVSSv3
CVE-2023-49657
A stored cross-site scripting (XSS) vulnerability exists in Apache Superset prior to 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users...
Apache Superset
4.8
CVSSv3
CVE-2019-12398
In Apache Airflow prior to 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected.
Apache Airflow
6.1
CVSSv3
CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an auth...
Dokuwiki Dokuwiki
5.4
CVSSv3
CVE-2018-15903
The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal ...
Claromentis Claromentis 8.2.2
5.4
CVSSv3
CVE-2019-8288
Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized.
Online Store System Project Online Store System 1.0
5.4
CVSSv3
CVE-2019-8289
Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable
Online Store System Project Online Store System 1.0
6.1
CVSSv3
CVE-2019-8290
Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.
Online Store System Project Online Store System 1.0
7.5
CVSSv3
CVE-2019-8291
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
Online Store System Project Online Store System 1.0
9.6
CVSSv3
CVE-2018-18864
Loadbalancer.org Enterprise VA MAX prior to 8.3.3 has XSS because Apache HTTP Server logs are displayed.
Loadbalancer Enterprise Va Max
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »