Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owasp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3165
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05) I...
4.3
CVSSv2
CVE-2021-35043
OWASP AntiSamy prior to 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
Antisamy Project Antisamy
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.0
Oracle Retail Central Office 14.1
Oracle Banking Platform 2.6.2
Oracle Banking Platform 2.7.0
Oracle Banking Platform 2.7.1
Oracle Insurance Policy Administration 11.3.0
Oracle Insurance Policy Administration 11.0.2
Oracle Banking Enterprise Default Management 2.12.0
Oracle Banking Enterprise Default Management 2.10.0
Oracle Banking Party Management 2.7.0
Oracle Banking Platform
Oracle Banking Enterprise Default Managment
Oracle Insurance Policy Administration 11.1.0
Oracle Insurance Policy Administration 11.3.1
Oracle Banking Enterprise Default Management 2.7.0
Oracle Banking Enterprise Default Management 2.7.1
Oracle Banking Enterprise Default Management 2.6.2
4.3
CVSSv2
CVE-2017-14735
OWASP AntiSamy prior to 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
Antisamy Project Antisamy
4
CVSSv2
CVE-2021-41270
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 prior to 4.4.35 and versions 5.0.0 prior to 5.3.12 are vulnerable to CSV injection, ...
Sensiolabs Symfony
Fedoraproject Fedora 34
Fedoraproject Fedora 35
NA
CVE-2024-28153
Jenkins OWASP Dependency-Check Plugin 5.4.5 and previous versions does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.
4.3
CVSSv2
CVE-2022-28367
OWASP AntiSamy prior to 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
Antisamy Project Antisamy
4.3
CVSSv2
CVE-2016-10006
In OWASP AntiSamy prior to 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
Antisamy Project Antisamy
NA
CVE-2024-3164
In dotCMS dashboard, the Tools and Log Files tabs under System ? Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to t...
NA
CVE-2022-34772
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting.
Tabit Tabit
4.3
CVSSv2
CVE-2022-29577
OWASP AntiSamy prior to 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
Antisamy Project Antisamy
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Enterprise Manager Base Platform 13.5.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »