Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
script security vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-41046
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "Velocity...
Xwiki Xwiki
NA
CVE-2023-20201
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote malicious user to conduct a stored cross-site scripting (XSS) attack against a user of the inter...
Cisco Prime Infrastructure
Cisco Evolved Programmable Network Manager
NA
CVE-2023-20203
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote malicious user to conduct a stored cross-site scripting (XSS) attack against a user of the inter...
Cisco Prime Infrastructure
Cisco Evolved Programmable Network Manager
NA
CVE-2023-20205
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote malicious user to conduct a stored cross-site scripting (XSS) attack against a user of the inter...
Cisco Prime Infrastructure
Cisco Evolved Programmable Network Manager
NA
CVE-2023-20222
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the interface on an aff...
Cisco Evolved Programmable Network Manager
Cisco Prime Infrastructure
NA
CVE-2023-20228
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient va...
Cisco Encs 5100 Firmware
Cisco Encs 5400 Firmware
Cisco Ucs C220 M5 Rack Server Firmware
Cisco Ucs E160s M3 Firmware
Cisco Ucs E180d M3 Firmware
Cisco Ucs-e1120d-m3 Firmware
NA
CVE-2023-20242
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow a...
Cisco Unified Communications Manager Im And Presence Service 11.5\\(1\\)
Cisco Unified Communications Manager Im And Presence Service 12.5\\(1\\)
Cisco Unified Communications Manager 12.5\\(1\\)
Cisco Unified Communications Manager Im And Presence Service 14.0
Cisco Unified Communications Manager 11.5\\(1\\)
Cisco Unified Communications Manager 14.0
NA
CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-...
Postgresql Postgresql
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Enterprise Linux 9.0
Debian Debian Linux 8.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
Postgresql Postgresql
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Debian Debian Linux 12.0
NA
CVE-2023-20181
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote malicious user to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based managem...
Cisco Spa500ds Firmware -
Cisco Spa500s Firmware -
Cisco Spa501g Firmware -
Cisco Spa502g Firmware -
Cisco Spa504g Firmware -
Cisco Spa508g Firmware -
Cisco Spa509g Firmware -
Cisco Spa512g Firmware -
Cisco Spa514g Firmware -
Cisco Spa525 Firmware -
Cisco Spa525g Firmware -
Cisco Spa525g2 Firmware -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »