Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflection vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-8160
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a...
Mendix Mendixsso
NA
CVE-2008-4037
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka ...
Microsoft Windows Server 2003
Microsoft Windows Server 2008 -
Microsoft Windows Xp
Microsoft Windows Vista -
Microsoft Windows 2000 -
3 EDB exploits
NA
CVE-2012-6636
The Android API prior to 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote malicious users to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView compo...
Google Android Api 6.0
Google Android Api 15.0
Google Android Api 3.0
Google Android Api 8.0
Google Android Api 11.0
Google Android Api 9.0
Google Android Api 2.0
Google Android Api 12.0
Google Android Api 7.0
Google Android Api 1.0
Google Android Api 13.0
Google Android Api 14.0
Google Android Api 4.0
Google Android Api
Google Android Api 5.0
Google Android Api 10.0
1 EDB exploit
4 Github repositories
1 Article
6.5
CVSSv3
CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an malicious user to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and syst...
Freeipa Freeipa
Freeipa Freeipa 4.11.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Fedoraproject Fedora 40
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.4
9.1
CVSSv3
CVE-2021-39185
Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 up to and including 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 up to and including 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The ...
Typelevel Http4s
Typelevel Http4s 0.23.0
Typelevel Http4s 0.23.1
Typelevel Http4s 1.0.0
7.5
CVSSv3
CVE-2020-15768
An issue exists in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote malicious users to obtain authentication cookies, if they are able to discover a separate XSS vulnerabil...
Gradle Enterprise Cache Node
Gradle Enterprise
NA
CVE-2013-0422
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote malicious users to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary...
Oracle Jre 1.7.0
Oracle Jdk 1.7.0
Canonical Ubuntu Linux 12.10
Opensuse Opensuse 12.2
1 EDB exploit
16 Github repositories
8 Articles
7.4
CVSSv3
CVE-2020-4038
GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-htm...
Prisma Graphql-playground-html
Prisma Graphql-playground-middleware-express
Prisma Graphql-playground-middleware-hapi
Prisma Graphql-playground-middleware-koa
Prisma Graphql-playground-middleware-lambda
4 Github repositories
9.8
CVSSv3
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000...
Mitsubishielectric Fr Configurator2
Mitsubishielectric Mt Works2
Mitsubishielectric Gx Works3
Mitsubishielectric Mc Works64
Mitsubishielectric Mx Component
Mitsubishielectric Melsoft Navigator
Mitsubishielectric Gx Works2
Mitsubishielectric Got2000
Mitsubishielectric Got1000
Mitsubishielectric Ezsocket
6.1
CVSSv3
CVE-2023-50250
Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability exists in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_...
Cacti Cacti 1.2.25
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »