expression web vulnerabilities and exploits
9.3
CVSSv2
CVE-2015-2482
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a...
Microsoft Vbscript 5.6
Microsoft Vbscript 5.7
Microsoft Vbscript 5.8
Microsoft Jscript 5.6
Microsoft Jscript 5.7
Microsoft Jscript 5.8
1 EDB exploit
2.6
CVSSv2
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 prior to 1.1.5 and 1.0 prior to 1.0.11, when the regular expression search functionality is enabled, allows remote malicious users to inject arbitrary web script or HTML via vectors related to "search_re input," a d...
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.1.3
Viewvc Viewvc 1.0.7
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.1.4
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.0.10
4.3
CVSSv2
CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the *...
Owasp Enterprise Security Api
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
1 Github repository
4.3
CVSSv2
CVE-2012-2573
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expre...
Tdah T-day Webmail 3.2.0-2.3
2 EDB exploits
4.3
CVSSv2
CVE-2006-0860
Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions prior to 0.8, allow remote malicious users to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression...
Michael Salzer Guestbox 0.6
5
CVSSv2
CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) prior to 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser...
Rubyonrails Rails
5
CVSSv2
CVE-2009-0419
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote malicious users to obtain sensitive information from...
Microsoft Xml Core Services
4.3
CVSSv2
CVE-2006-0758
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not pro...
Hivemail Hivemail 1.2.1 Beta1
Hivemail Hivemail 1.2.1 Rc
Hivemail Hivemail 1.2.2
Hivemail Hivemail 1.2 Sp1
Hivemail Hivemail 1.1.1
Hivemail Hivemail 1.2
Hivemail Hivemail 1.3 Rc1
Hivemail Hivemail 1.1
Hivemail Hivemail 1.3
Hivemail Hivemail 1.3 Beta1
1 EDB exploit
NA
CVE-2023-26103
Versions of the package deno prior to 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrad...
Deno Deno
4.3
CVSSv2
CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 up to and including 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote malicious users to obtain sensitive information from another domain and corrupt the session sta...
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 6.0
Microsoft Xml Core Services 5.0
1 EDB exploit