stored xss vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-25761
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks such as stealing of cookies, sensitive informatio...
Projectworlds Visitor Management System In Php 1.0
5.4
CVSSv3
CVE-2019-16520
The all-in-one-seo-pack plugin prior to 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
Semperplugins All In One Seo Pack
4.8
CVSSv3
CVE-2023-6789
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload e...
Paloaltonetworks Pan-os
5.4
CVSSv3
CVE-2020-28001
SolarWinds Serv-U prior to 15.2.2 allows Authenticated Stored XSS.
Solarwinds Serv-u
4.8
CVSSv3
CVE-2019-16524
The easy-fancybox plugin prior to 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filt...
Status301 Easy Fancybox
7.5
CVSSv3
CVE-2018-15819
EasyIO EasyIO-30P devices prior to 2.0.5.27 have Incorrect Access Control, related to webuser.js.
Easyio Easyio 30p Firmware
6.1
CVSSv3
CVE-2018-15820
EasyIO EasyIO-30P devices prior to 2.0.5.27 allow XSS via the dev.htm GDN parameter.
Easyio Easyio 30p Firmware
4.8
CVSSv3
CVE-2019-16522
The eu-cookie-law plugin up to and including 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color...
Eu Cookie Law Project Eu Cookie Law
6.1
CVSSv3
CVE-2020-28857
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.
Openasset Digital Asset Management
4.8
CVSSv3
CVE-2020-3129
A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote malicious user to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based managemen...
Cisco Unity Connection