Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-35959
In Plone 5.0 up to and including 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
Plone Plone
4.3
CVSSv2
CVE-2013-4722
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote malicious users to inject arbitrary web script or HTML via the (1) username, (2) u...
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
5.8
CVSSv2
CVE-2013-4723
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
5
CVSSv2
CVE-2013-4725
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmis...
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
5
CVSSv2
CVE-2013-4728
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote malicious users to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.
Ddsn Cm3 Acora Content Management System 5.5.0\\/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.2\\/1a
Ddsn Cm3 Acora Content Management System 6.0.6\\/1a
Ddsn Cm3 Acora Content Management System 5.5.7\\/12b
3.5
CVSSv2
CVE-2019-17557
It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.
Apache Syncope
4.3
CVSSv2
CVE-2014-9212
Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote malicious users to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section.
Altitude Altitude Unified Customer Interaction 7.5
6.8
CVSSv2
CVE-2014-9394
Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrand...
Pwgrandom Project Pwgrandom
6.8
CVSSv2
CVE-2014-9398
Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitt...
Twitter Liveblog Project Twitter Liveblog
NA
CVE-2012-19353
Newscoop version 3.5.3 suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »