CVE-2020-25786 vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding ...
Dlink Dir-803 Firmware 1.04.b02
Dlink Dir-816l Firmware 2.06
Dlink Dir-816l Firmware 2.06.b09
Dlink Dir-645 Firmware 1.06b01
Dlink Dir-815 Firmware 2.07.b01
Dlink Dir-860l Firmware 1.10b04
Dlink Dir-865l Firmware 1.08b01
NA
CVE-2010-4841
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) repo...
Manageengine Eventlog Analyzer 6.1
5.4
CVSSv3
CVE-2020-20285
There is an XSS in the user login page in zzcms 2019. Users can inject JS code through the Referer header via user/login.php.
Zzcms Zzcms 2019
6.1
CVSSv3
CVE-2021-37216
QSAN Storage Manager header page parameters do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
Qsan Xn8024r Firmware 3.1.5
Qsan Xn8008t Firmware 3.3.2
NA
CVE-2004-0705
Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x prior to 2.16.6, and 2.18 prior to 2.18rc1, allow remote malicious users...
5.4
CVSSv3
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
Dolibarr Dolibarr Erp/crm 11.0.0
6.1
CVSSv3
CVE-2022-35416
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
H3c Ssl Vpn
6 Github repositories
5.4
CVSSv3
CVE-2023-1861
The Limit Login Attempts WordPress plugin up to and including 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks.
Limit Login Attempts Project Limit Login Attempts
9.6
CVSSv3
CVE-2020-26574
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin...
Leostream Connection Broker
6.1
CVSSv3
CVE-2023-41642
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow malicious users to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWS...
Grupposcai Realgimm 1.1.37