Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
CVE-2020-25786 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding ...
Dlink Dir-803 Firmware 1.04.b02
Dlink Dir-816l Firmware 2.06
Dlink Dir-816l Firmware 2.06.b09
Dlink Dir-645 Firmware 1.06b01
Dlink Dir-815 Firmware 2.07.b01
Dlink Dir-860l Firmware 1.10b04
Dlink Dir-865l Firmware 1.08b01
NA
CVE-2023-41642
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow malicious users to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWS...
Grupposcai Realgimm 1.1.37
385
VMScore
CVE-2022-35416
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
H3c Ssl Vpn
6 Github repositories
383
VMScore
CVE-2021-37216
QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
Qsan Xn8024r Firmware 3.1.5
Qsan Xn8008t Firmware 3.3.2
312
VMScore
CVE-2020-35592
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the ...
Pi-hole Pi-hole 5.0
Pi-hole Pi-hole 5.1
Pi-hole Pi-hole 5.1.1
NA
CVE-2023-1861
The Limit Login Attempts WordPress plugin up to and including 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
Limit Login Attempts Project Limit Login Attempts
828
VMScore
CVE-2020-26574
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin...
Leostream Connection Broker
312
VMScore
CVE-2020-20285
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
Zzcms Zzcms 2019
605
VMScore
CVE-2004-0705
Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x prior to 2.16.6, and 2.18 prior to 2.18rc1, allow remote malicious users...
312
VMScore
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
Dolibarr Dolibarr Erp\\/crm 11.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »