Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
anchor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49779
Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
NA
CVE-2023-3434
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an malicious user to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.
Savoirfairelinux Jami 20222284
9.3
CVSSv2
CVE-2009-1708
Apple Safari prior to 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote malicious users to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.
Apple Safari 3.0
Apple Safari 3.0.3
Apple Safari 1.1
Apple Safari 1.2
Apple Safari 3.2.1
Apple Safari 3.2.3
Apple Safari 1.0
Apple Safari 1.0.3
Apple Safari 2.0.2
Apple Safari 2.0.4
Apple Safari 3.0.4
Apple Safari 3.1.1
Apple Safari 1.3
Apple Safari 1.3.1
Apple Safari
Apple Safari 3.0.2
Apple Safari 3.1
Apple Safari 3.1.2
Apple Safari 0.8
Apple Safari 1.3.2
Apple Safari 2.0
Apple Safari 0.9
4.3
CVSSv2
CVE-2021-23411
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.
Anchorme Project Anchorme
4.3
CVSSv2
CVE-2008-4696
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera prior to 9.61 allows remote malicious users to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search ...
Opera Opera 9.20
Opera Opera 9.10
Opera Opera 9.02
Opera Opera 8.52
Opera Opera 8.51
Opera Opera 8.0
Opera Opera 7.54
Opera Opera 7.50
Opera Opera 7.21
Opera Opera 7.0
Opera Opera 7.03
Opera Opera 6.05
Opera Opera 6.04
Opera Opera 5.2
Opera Opera 5.1
Opera Opera 9.50
Opera Opera 9.51
Opera Opera
Opera Opera 9.21
Opera Opera 9.22
Opera Opera 9.01
Opera Opera 9.0
3 EDB exploits
4.3
CVSSv2
CVE-2013-4997
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x prior to 3.5.8.2 allow remote malicious users to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart titl...
Phpmyadmin Phpmyadmin 3.5.1.0
Phpmyadmin Phpmyadmin 3.5.2.2
Phpmyadmin Phpmyadmin 3.5.6
Phpmyadmin Phpmyadmin 3.5.0.0
Phpmyadmin Phpmyadmin 3.5.2.1
Phpmyadmin Phpmyadmin 3.5.2.0
Phpmyadmin Phpmyadmin 3.5.8
Phpmyadmin Phpmyadmin 3.5.5
Phpmyadmin Phpmyadmin 3.5.4
Phpmyadmin Phpmyadmin 3.5.7
Phpmyadmin Phpmyadmin 3.5.3.0
Phpmyadmin Phpmyadmin 3.5.8.1
7.5
CVSSv2
CVE-2012-6637
Apache Cordova 3.3.0 and previous versions and Adobe PhoneGap 2.9.0 and previous versions do not anchor the end of domain-name regular expressions, which allows remote malicious users to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as...
Apache Cordova 3.3.0
Apache Cordova 3.2.0
Apache Cordova
Apache Cordova 3.0.0
Apache Cordova 3.1.0
Adobe Phonegap 2.0.0
Adobe Phonegap 2.1.0
Adobe Phonegap 2.7.0
Adobe Phonegap 2.2.0
Adobe Phonegap 2.3.0
Adobe Phonegap 2.5.0
Adobe Phonegap 2.6.0
Adobe Phonegap 2.9.0
Adobe Phonegap 2.4.0
Adobe Phonegap
Adobe Phonegap 2.8.0
Adobe Phonegap 2.8.1
4.3
CVSSv2
CVE-2021-38377
OX App Suite up to and including 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.
Open-xchange Ox App Suite
5
CVSSv2
CVE-2008-4688
core/string_api.php in Mantis prior to 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote malicious users to discover an issue's title and status via a request with a modified issue number.
Mantis Mantis 1.0.7
Mantis Mantis 1.0.6
Mantis Mantis 0.19.3
Mantis Mantis 1.0.8
Mantis Mantis 1.0.1
Mantis Mantis 0.19.4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.2
Mantis Mantis 1.1.2
Mantis Mantis 1.0.5
Mantis Mantis 1.0.4
Mantis Mantis 1.1.1
Mantis Mantis
5.4
CVSSv2
CVE-2015-1349
named in ISC BIND 9.7.0 up to and including 9.9.6 prior to 9.9.6-P2 and 9.10.x prior to 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote malicious users to cause a denial of service (assertion failure and daemon exit, or daemon crash) by t...
Isc Bind 9.7.0
Isc Bind 9.7.2
Isc Bind 9.7.4
Isc Bind 9.7.6
Isc Bind 9.8.0
Isc Bind 9.8.2
Isc Bind 9.8.5
Isc Bind 9.8.6
Isc Bind 9.9.0
Isc Bind 9.9.3
Isc Bind 9.9.6
Isc Bind 9.9.7
Isc Bind 9.7.3
Isc Bind 9.7.5
Isc Bind 9.8.1
Isc Bind 9.8.4
Isc Bind 9.9.5
Isc Bind 9.7.1
Isc Bind 9.8.3
Isc Bind 9.9.1
Isc Bind 9.9.2
Isc Bind 9.9.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »