Vulmon
webapp vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-1864
Use after free in WebApp Installs in Google Chrome before 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Google Chrome
1 Github repository
4.3
CVSSv3
CVE-2023-1230
Inappropriate implementation in WebApp Installs in Google Chrome on Android before 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)
Google Chrome
4.6
CVSSv3
CVE-2023-4892
Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.
Sismics Teedy 1.11
NA
CVE-2006-6697
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and previous versions, including 9.0.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Oracle Application Server Portal 10g
Oracle Application Server Portal 9.0.2
1 EDB exploit
6.1
CVSSv3
CVE-2015-8796
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr prior to 5.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted schema-browse URL.
Apache Solr
8.1
CVSSv3
CVE-2014-0927
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote malicious users to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259.
IBM Sterling B2B Integrator 5.1
IBM Sterling B2B Integrator 5.2
IBM Sterling File Gateway 2.2
IBM Sterling File Gateway 2.1
5.4
CVSSv3
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing a malicious user to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though.
Mattermost Mattermost
8.8
CVSSv3
CVE-2018-6186
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
Citrix NetScaler 12.0
9.8
CVSSv3
CVE-2017-6862
NETGEAR WNR2000v3 devices prior to 1.1.2.14, WNR2000v4 devices prior to 1.0.0.66, and WNR2000v5 devices prior to 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-026...
NETGEAR WNR2000v5 Firmware
NETGEAR WNR2000v4 Firmware
NETGEAR WNR2000v3 Firmware
8.8
CVSSv3
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM prior to 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
Dimo-crm YellowBox CRM