Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-8685
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
Dolibarr Dolibarr
7.5
CVSSv2
CVE-2010-1327
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
Tornadostore Tornadostore
1 EDB exploit
4.3
CVSSv2
CVE-2008-5891
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader prior to 2.1.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
Injader Injader 2.0.2
Injader Injader
Injader Injader 2.1.0
Injader Injader 2.0.3
Injader Injader 1.6.1
1 EDB exploit
4.3
CVSSv2
CVE-2019-10887
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote malicious users to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data...
Salicru Slc-20-cube3\\(5\\) Cs121-snmp 4.54.82.130611
1 EDB exploit
4.3
CVSSv2
CVE-2017-17649
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2
1 EDB exploit
5.1
CVSSv2
CVE-2004-2625
Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote malicious users to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.
Outblaze Outblaze Email
1 EDB exploit
6.8
CVSSv2
CVE-2002-1480
Cross-site scripting (XSS) vulnerability in phpGB prior to 1.20 allows remote malicious users to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
Phpgb Phpgb 1.10
1 EDB exploit
4.3
CVSSv2
CVE-2019-13068
public/app/features/panel/panel_ctrl.ts in Grafana prior to 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
Grafana Grafana
4.3
CVSSv2
CVE-2006-4973
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke prior to 3.3.5, and 4.x prior to 4.3.5, allows remote malicious users to inject arbitrary HTML via the error parameter.
Dotnetnuke Dotnetnuke 2.1.1
Dotnetnuke Dotnetnuke 1.0.10e
Dotnetnuke Dotnetnuke 1.0.10d
Dotnetnuke Dotnetnuke 1.0.7
Dotnetnuke Dotnetnuke 1.0.8
Dotnetnuke Dotnetnuke 1.0.6
Dotnetnuke Dotnetnuke 1.0.9
Dotnetnuke Dotnetnuke 3.0.8
Dotnetnuke Dotnetnuke 2.1.2
Dotnetnuke Dotnetnuke 4.0
Dotnetnuke Dotnetnuke 3.0.7
Dotnetnuke Dotnetnuke 3.1.0
1 EDB exploit
4.3
CVSSv2
CVE-2005-2721
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote malicious users to inject arbitrary web script or HTML via the Referer field in the HTTP header.
Foojan Php Weblog
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28254
CVE-2024-32515
CVE-2024-21338
validation
CVE-2024-32522
dos
CVE-2024-2101
CVE-2024-21107
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »