Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-link vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2019-5243
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability.
Huawei Hg255s Firmware -
6.1
CVSSv3
CVE-2019-11928
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.
Whatsapp Whatsapp Desktop
2 Articles
7.2
CVSSv3
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.
Thinkcmf Thinkcmf X2.2.2
6.1
CVSSv3
CVE-2022-0250
The Redirection for Contact Form 7 WordPress plugin prior to 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting
Redirection-for-contact-form7 Redirection For Contact Form 7
NA
CVE-2002-0938
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote malicious users to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
Cisco Secure Access Control Server 3.0
Cisco Secure Access Control Server 3.0.1
1 EDB exploit
5.4
CVSSv3
CVE-2022-37429
Silverstripe silverstripe/framework up to and including 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
Silverstripe Framework
6.1
CVSSv3
CVE-2020-28150
I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect.
Inetsoftware I-net Clear Reports 20.10.136
6.1
CVSSv3
CVE-2021-20994
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Wago 0852-0303 Firmware
Wago 0852-1305 Firmware
Wago 0852-1505 Firmware
Wago 0852-1305\\/000-001 Firmware
Wago 0852-1505\\/000-001 Firmware
NA
CVE-2007-0652
Cross-site request forgery (CSRF) vulnerability in MailEnable Professional prior to 2.37 allows remote malicious users to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
Mailenable Mailenable Professional 1.0.004
Mailenable Mailenable Professional 1.0.005
Mailenable Mailenable Professional 1.0.012
Mailenable Mailenable Professional 1.0.013
Mailenable Mailenable Professional 1.102
Mailenable Mailenable Professional 1.103
Mailenable Mailenable Professional 1.111
Mailenable Mailenable Professional 1.112
Mailenable Mailenable Professional 1.14
Mailenable Mailenable Professional 1.15
Mailenable Mailenable Professional 1.5
Mailenable Mailenable Professional 1.51
Mailenable Mailenable Professional 1.52
Mailenable Mailenable Professional 1.82
Mailenable Mailenable Professional 1.83
Mailenable Mailenable Professional 2.34
Mailenable Mailenable Professional 2.35
Mailenable Mailenable Professional 1.0.006
Mailenable Mailenable Professional 1.0.007
Mailenable Mailenable Professional 1.0.014
Mailenable Mailenable Professional 1.0.015
Mailenable Mailenable Professional 1.104
6.1
CVSSv3
CVE-2021-34364
The Refined GitHub browser extension prior to 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns.
Refined-github Project Refined-github
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »