Vulmon
webapp vulnerabilities and exploits
NA
CVE-2022-36832
An improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows malicious users to access external storage with Cameralyzer privilege.
Samsung Cameralyzer
2.1
CVSSv2
CVE-2022-22821
NVIDIA NeMo prior to 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.
Nvidia Nemo
NA
CVE-2022-27969
Cynet 360 Web Portal before v4.5 allows malicious users to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.
Cynet Cynet 360
6.8
CVSSv2
CVE-2017-7990
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.
Openmrs Openmrs Module Reporting 1.12.0
NA
CVE-2022-27967
Cynet 360 Web Portal before v4.5 allows malicious users to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles.
Cynet Cynet 360
NA
CVE-2022-27968
Cynet 360 Web Portal before v4.5 allows malicious users to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles.
Cynet Cynet 360
6.8
CVSSv2
CVE-2006-6703
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote malicious users to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
Oracle Oracle10g
Oracle Oracle9i
1 EDB exploit
4.3
CVSSv2
CVE-2018-9147
Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote malicious users to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp.
Gespage Gespage 7.5.7
4.3
CVSSv2
CVE-2005-1557
Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
Pixysoft Guestbook Pro 3.2.1
3.5
CVSSv2
CVE-2018-19089
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.
Tianti Project Tianti 2.3