Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stored xss vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-3826
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri...
Prometheus Prometheus
Redhat Openshift Container Platform 3.11
NA
CVE-2024-34058
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail message).
6.1
CVSSv3
CVE-2019-12517
An XSS issue exists in the slickquiz plugin up to and including 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later s...
Slickquiz Project Slickquiz
4.8
CVSSv3
CVE-2018-10091
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.
Audiocodes 420hd Ip Phone Firmware 2.2.12.126
5.4
CVSSv3
CVE-2019-16523
The events-manager plugin up to and including 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
Wp-events-plugin Events Manager
6.1
CVSSv3
CVE-2017-12583
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
Dokuwiki Dokuwiki
4.8
CVSSv3
CVE-2023-0007
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser w...
Paloaltonetworks Pan-os
NA
CVE-2024-0007
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated admini...
4.8
CVSSv3
CVE-2022-2941
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on out...
Wp-useronline Project Wp-useronline
1 EDB exploit
5.4
CVSSv3
CVE-2019-16520
The all-in-one-seo-pack plugin prior to 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
Semperplugins All In One Seo Pack
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »