Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xss vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2005-4494
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
Spip Spip 1.8.2
7.5
CVSSv2
CVE-2017-7886
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
Dolibarr Dolibarr Erp\\/crm 4.0.4
4.3
CVSSv2
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
Yealink Voip Phone 28.2.0.128.0.0.0
4.3
CVSSv2
CVE-2015-7320
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Codepeople Appointment Booking Calendar
5
CVSSv2
CVE-2017-7888
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
Dolibarr Dolibarr Erp\\/crm 4.0.4
3.5
CVSSv2
CVE-2021-35959
In Plone 5.0 up to and including 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
Plone Plone
10
CVSSv2
CVE-2017-9034
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows malicious users to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
Trendmicro Serverprotect 3.0
4.3
CVSSv2
CVE-2011-4054
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote malicious users to inject arbitrary web script or HTML via the postpreservationdata parameter.
Ca Siteminder
NA
CVE-2011-4058
OmniTouch Instant Communication Suite suffers from cross site request forgery and cross site scripting vulnerabilities.
4.3
CVSSv2
CVE-2008-4408
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions prior to 1.13.2 allows remote malicious users to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
Mediawiki Mediawiki 1.12.0
Mediawiki Mediawiki 1.13.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »