Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site scripting vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-4380
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote malicious users to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter t...
Bitweaver Bitweaver 1.1
Bitweaver Bitweaver 1.1.1 Beta
5 EDB exploits
NA
CVE-2004-0067
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView prior to 2.65 allow remote malicious users to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, ...
Phpgedview Phpgedview
14 EDB exploits
NA
CVE-2007-0364
Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (...
Nicecoder Indexu 5.0.1
Nicecoder Indexu
Nicecoder Indexu 5.0
12 EDB exploits
NA
CVE-2009-2882
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote malicious users to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to se...
Datingpro Matchmaking
4 EDB exploits
NA
CVE-2006-6929
Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to repl...
Ga Soft Rapid Classified 3.1
4 EDB exploits
NA
CVE-2014-8774
Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x prior to 2.2.15 allows remote malicious users to inject arbitrary web script or HTML via the context_key parameter.
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.6
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.2
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.5
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.3
Modx Modx Revolution 2.2.5
1 EDB exploit
NA
CVE-2014-8773
MODX Revolution 2.x prior to 2.2.15 allows remote malicious users to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.11
Modx Modx Revolution 2.2.5
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.0.1
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.0.3
Modx Modx Revolution 2.0.4
1 EDB exploit
NA
CVE-2014-8775
MODX Revolution 2.x prior to 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.2.0
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.0
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.11
Modx Modx Revolution 2.2.5
Modx Modx Revolution 2.2.7
Modx Modx Revolution 2.0.1
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.2.10
Modx Modx Revolution 2.2.12
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.0.3
1 EDB exploit
NA
CVE-2010-1482
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) prior to 1.7.1 might allow remote malicious users to inject arbitrary web script or HTML via the date_format_string parameter.
Cmsmadesimple Cms Made Simple 1.2
Cmsmadesimple Cms Made Simple 1.1.2
Cmsmadesimple Cms Made Simple 0.10
Cmsmadesimple Cms Made Simple 1.6.7
Cmsmadesimple Cms Made Simple 1.6
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.2.5
Cmsmadesimple Cms Made Simple 1.2.3
Cmsmadesimple Cms Made Simple 1.0.7
Cmsmadesimple Cms Made Simple 1.0.4
Cmsmadesimple Cms Made Simple 0.11.1
Cmsmadesimple Cms Made Simple 0.10.4
Cmsmadesimple Cms Made Simple 1.1
Cmsmadesimple Cms Made Simple 1.0
Cmsmadesimple Cms Made Simple 0.11
Cmsmadesimple Cms Made Simple 1.4.1
Cmsmadesimple Cms Made Simple 1.3
Cmsmadesimple Cms Made Simple 1.6.5
Cmsmadesimple Cms Made Simple 1.6.4
Cmsmadesimple Cms Made Simple 1.6.3
Cmsmadesimple Cms Made Simple 1.6.2
Cmsmadesimple Cms Made Simple 1.6.1
NA
CVE-2014-4710
Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote malicious users to inject arbitrary web script or HTML via the Full Name field.
Aas9 Zerocms 1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »