Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webapp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1230
Inappropriate implementation in WebApp Installs in Google Chrome on Android before 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)
Google Chrome
NA
CVE-2022-1864
Use after free in WebApp Installs in Google Chrome before 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Google Chrome
1 Github repository
NA
CVE-2023-4892
Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.
Sismics Teedy 1.11
7.5
CVSSv2
CVE-2006-6697
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and previous versions, including 9.0.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Oracle Application Server Portal 10g
Oracle Application Server Portal 9.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2015-8796
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr prior to 5.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted schema-browse URL.
Apache Solr
NA
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an malicious user to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though.
Mattermost Mattermost
5
CVSSv2
CVE-2013-3018
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 up to and including 7.2.1.4 allows remote malicious users to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM...
Ibm Tivoli Application Dependency Discovery Manager
Ibm Tivoli Application Dependency Discovery Manager 7.1.2
7.5
CVSSv2
CVE-2013-3500
The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent malicious users to bypass intended filesystem restrictions by leveraging access to a Gro...
Gwos Groundwork Monitor 6.7.0
4.3
CVSSv2
CVE-2013-3501
Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the Noma component.
Gwos Groundwork Monitor 6.7.0
9
CVSSv2
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM prior to 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
Dimo-crm Yellowbox Crm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »