Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
links vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2017-14838
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
Teamworktec Job Links -
1 EDB exploit
4
CVSSv2
CVE-2017-18096
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 prior to 5.3.4 and from 5.4.0 prior to 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SS...
Atlassian Application Links
5.5
CVSSv2
CVE-2017-18111
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth a...
Atlassian Application Links
3.5
CVSSv2
CVE-2018-5227
Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured applica...
Atlassian Application Links
4.3
CVSSv2
CVE-2017-16860
The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabi...
Atlassian Application Links
4.3
CVSSv2
CVE-2015-9472
The incoming-links plugin prior to 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.
Monitorbacklinks Incoming Links
NA
CVE-2023-5109
The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attribut...
Ironikus Wp Mailto Links
NA
CVE-2023-4482
The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor ...
Michaeluno Auto Amazon Links
NA
CVE-2023-25973
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.
Autoaffiliatelinks Auto Affiliate Links
NA
CVE-2023-46095
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions.
Chetangole Smooth Scroll Links
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »