webapp vulnerabilities and exploits
3.3
CVSSv3
CVE-2022-36832
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows malicious users to access external storage as Cameralyzer privilege.
Samsung Cameralyzer
4.4
CVSSv3
CVE-2022-22821
NVIDIA NeMo prior to 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.
Nvidia Nemo
5.3
CVSSv3
CVE-2022-27969
Cynet 360 Web Portal before v4.5 allows malicious users to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.
Cynet Cynet 360
8.8
CVSSv3
CVE-2017-7990
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.
Openmrs Openmrs Module Reporting 1.12.0
5.3
CVSSv3
CVE-2022-27968
Cynet 360 Web Portal before v4.5 allows malicious users to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles.
Cynet Cynet 360
5.3
CVSSv3
CVE-2022-27967
Cynet 360 Web Portal before v4.5 allows malicious users to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles.
Cynet Cynet 360
NA
CVE-2006-6703
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote malicious users to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
Oracle Oracle10g
Oracle Oracle9i
1 EDB exploit
6.1
CVSSv3
CVE-2018-9147
Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote malicious users to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp.
Gespage Gespage 7.5.7
NA
CVE-2005-1557
Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
Pixysoft Guestbook Pro 3.2.1
5.4
CVSSv3
CVE-2018-19089
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.
Tianti Project Tianti 2.3