Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-9399
Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username...
Tweetscribe Project Tweetscribe
3.5
CVSSv2
CVE-2012-3871
Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.
Openconstructor Project Openconstructor 3.12.0
7.8
CVSSv2
CVE-2018-14918
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
Loytec Lgate-902 Firmware
9.4
CVSSv2
CVE-2018-14916
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
Loytec Lgate-902 Firmware
4.3
CVSSv2
CVE-2018-14919
LOYTEC LGATE-902 6.3.2 devices allow XSS.
Loytec Lgate-902 Firmware
4.3
CVSSv2
CVE-2017-7887
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
Dolibarr Dolibarr Erp\\/crm 4.0.4
4.3
CVSSv2
CVE-2008-4408
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions prior to 1.13.2 allows remote malicious users to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.13.1
4.3
CVSSv2
CVE-2011-0770
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance prior to 6.1 allows remote malicious users to inject arbitrary web script or HTML via the Windows XP variable in a file.
Hp Windows Event Log Smartconnector
Hp Arcsight C1300 Appliance
Hp Arcsight C3400 Appliance
Hp Arcsight C5400 Appliance
Hp Arcsight C3200 Appliance
Hp Arcsight C5200 Appliance
Hp Arcsight C1000 Appliance
4.3
CVSSv2
CVE-2014-9212
Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote malicious users to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section.
Altitude Altitude Unified Customer Interaction 7.5
6.8
CVSSv2
CVE-2014-9334
Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user or (2) password param...
Bird Feeder Project Bird Feeder 1.2.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »