Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html injection vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-8685
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
Dolibarr Dolibarr
7.5
CVSSv2
CVE-2010-1327
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
Tornadostore Tornadostore
1 EDB exploit
4.3
CVSSv2
CVE-2008-5891
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader prior to 2.1.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
Injader Injader 2.0.2
Injader Injader
Injader Injader 2.1.0
Injader Injader 2.0.3
Injader Injader 1.6.1
1 EDB exploit
4.3
CVSSv2
CVE-2019-10887
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote malicious users to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data...
Salicru Slc-20-cube3\\(5\\) Cs121-snmp 4.54.82.130611
1 EDB exploit
4.3
CVSSv2
CVE-2017-17649
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2
1 EDB exploit
4.3
CVSSv2
CVE-2014-9349
Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php.
Robotstats Robotstats 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2005-2721
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote malicious users to inject arbitrary web script or HTML via the Referer field in the HTTP header.
Foojan Php Weblog
1 EDB exploit
4.3
CVSSv2
CVE-2006-4973
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke prior to 3.3.5, and 4.x prior to 4.3.5, allows remote malicious users to inject arbitrary HTML via the error parameter.
Dotnetnuke Dotnetnuke 2.1.1
Dotnetnuke Dotnetnuke 1.0.10e
Dotnetnuke Dotnetnuke 1.0.10d
Dotnetnuke Dotnetnuke 1.0.7
Dotnetnuke Dotnetnuke 1.0.8
Dotnetnuke Dotnetnuke 1.0.6
Dotnetnuke Dotnetnuke 1.0.9
Dotnetnuke Dotnetnuke 3.0.8
Dotnetnuke Dotnetnuke 2.1.2
Dotnetnuke Dotnetnuke 4.0
Dotnetnuke Dotnetnuke 3.0.7
Dotnetnuke Dotnetnuke 3.1.0
1 EDB exploit
6.8
CVSSv2
CVE-2002-1480
Cross-site scripting (XSS) vulnerability in phpGB prior to 1.20 allows remote malicious users to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
Phpgb Phpgb 1.10
1 EDB exploit
4.3
CVSSv2
CVE-2019-11846
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
Dotcms Dotcms 5.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »