Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web studio vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1605
Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote malicious users to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio wit...
Positive Software Sitestudio 1.6 Final
Positive Software Sitestudio 1.6 Patch 1
9.8
CVSSv3
CVE-2021-42796
An issue exists in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
Aveva Edge 2020
Aveva Edge
9.1
CVSSv3
CVE-2018-9109
Studio 42 elFinder prior to 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote malicious user to download files accessible by the web server process and delete files owned by the account running the web server pr...
Std42 Elfinder
7.5
CVSSv3
CVE-2021-42797
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.
Aveva Edge 2020
Aveva Edge
NA
CVE-2008-2072
Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote malicious users to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260.
Virtual Design Studios Vlbook 1.21
1 EDB exploit
NA
CVE-2015-0998
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote malicious users to obtain sensitive information by sniffing the network.
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
NA
CVE-2014-4578
Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the uid parameter.
Wp App Maker Project Wp App Maker
6.1
CVSSv3
CVE-2019-14427
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.
Webstudio Ultimate Loan Manager 2.0
NA
CVE-2014-9094
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
Digitalzoomstudio Video Gallery -
1 EDB exploit
5.3
CVSSv3
CVE-2021-42794
An issue exists in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
Aveva Edge 2020
Aveva Edge
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »