Vulmon
ajax vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX up to and including 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Explo...
Telerik Ui For Asp.net Ajax
17 Github repositories
2 Articles
NA
CVE-2006-2345
Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAGER 1.5 allows remote malicious users to inject arbitrary web script or HTML via the ubild parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. N...
Roostercode Ajax Softwares Alipager 1.5
NA
CVE-2015-4153
Directory traversal vulnerability in the zM Ajax Login & Register plugin prior to 1.1.0 for WordPress allows remote malicious users to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
Zanematthew Zm Ajax Login & Register
1 EDB exploit
6.1
CVSSv3
CVE-2021-24432
The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue.
Berocket Advanced Ajax Product Filters
NA
CVE-2014-2217
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote malicious users to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadat...
Telerik Ui For Asp.net Ajax
1 Github repository
NA
CVE-2015-4465
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin prior to 1.1.0 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Zanematthew Zm Ajax Login & Register
1 EDB exploit
NA
CVE-2006-3971
Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote malicious users to inject arbitrary web script or HTML via the userid parameter.
Scott Weedon Ajax Chat 0.1
4.3
CVSSv3
CVE-2022-27850
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows a malicious user to clear the chat log or delete a chat message.
Plugin-planet Simple Ajax Chat
5.3
CVSSv3
CVE-2022-2535
The SearchWP Live Ajax Search WordPress plugin prior to 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink.
Searchwp Searchwp Live Ajax Search
NA
CVE-2009-4727
SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Junglescripts Ajax Short Url Script
1 EDB exploit